Design/Logic Flaw

2019-03-1422:29:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the “add article” feature.

CPENameOperatorVersion
feifeicmseq4.1.190209

CPE	Name	Operator	Version
	feifeicms	eq	4.1.190209

References

blog.whiterabbitxyj.com/cve/FeiFeiCMS_4.1_code_execution.doc

github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/FeiFeiCMS_4.1_code_execution.doc