
62 matches found

Veracode
added 2025/12/13 6:51 a.m., 2 views

Remote Code Execution (RCE)

FeehiCMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unrestricted file upload in the Ad Management feature without proper validation or execution restrictions, which allows an attacker to upload and execute malicious PHP files...

CVSS 6.5, AI score 6.2, EPSS 0.00093
Exploits 1, References 4, Affected Software 1

RedhatCVE
added 2025/12/03 12:26 a.m., 1 view

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5, AI score 8.8, EPSS 0.00093
Exploits 1, References 1

Snyk
added 2025/12/02 9:51 p.m., 1 view

Arbitrary Command Injection

Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Arbitrary Command Injection via the Ad management feature. An attacker can execute arbitrary code on the server by uploading a crafted PHP file, which is then executed due to insufficient...

CVSS 7.7, AI score 8, EPSS 0.00093
Exploits 1, References 2

OSV
added 2025/12/02 9:31 p.m., 2 views

GHSA-MCXQ-54F4-MMX5 FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 7.7, AI score 8.7, EPSS 0.00093
Exploits 1, References 4

Github Security Blog
added 2025/12/02 9:31 p.m., 4 views

FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5, AI score 8.8, EPSS 0.00093
Exploits 1, References 4, Affected Software 1

EUVD
added 2025/12/02 9:31 p.m., 1 view

EUVD-2025-200325

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5, AI score 8.2, EPSS 0.00093
Exploits 1, References 3

NVD
added 2025/12/02 9:15 p.m., 2 views

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5, EPSS 0.00093
Exploits 1, References 2

OSV
added 2025/12/02 9:15 p.m., 2 views

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5, AI score 8.7, EPSS 0.00093
Exploits 1, References 2

Positive Technologies
added 2025/12/02 12:0 a.m., 1 view

PT-2025-48783

Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.1.1. Description: FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes without sufficient validation. An attacker can upload a crafted PHP file, causing the application or...

CVSS 6.5, AI score 7.9, EPSS 0.00093
Exploits 1, References 8

CNNVD
added 2025/12/02 12:0 a.m., 2 views

Revive Adserver security vulnerability

Revive Adserver is an open source ad management system from the Revive Adserver team. The system provides ad placement, ad space management, statistics and other functions. A security vulnerability exists in Revive Adserver that stems from improper handling of usernames, which could lead to...

CVSS 5.4, AI score 5.5, EPSS 0.00025
Exploits 1, References 2

Vulnrichment
added 2025/12/02 12:0 a.m., 1 view

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

AI score 8.4, EPSS 0.00093
Exploits 1, References 2

CVE
added 2025/12/02 12:0 a.m., 5 views

CVE-2025-65657

CVE-2025-65657 affects FeehiCMS 2.1.1. A vulnerability in Ad Management allows authenticated remote attackers to upload files (e.g., crafted PHP) that the server may execute, causing remote code execution. The issue is tied to unrestricted file upload with insufficient validation. Exploitation de...

CVSS 6.5, AI score 8.4, EPSS 0.00093
Exploits 1, References 2, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2009-2228

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.0042
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2007-5968

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.00393
Exploits 1, References 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-47801

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.00258
Exploits 1, References 2

CNVD
added 2025/07/08 12:0 a.m., 2 views

WordPress ads pro cross-site request forgery vulnerability

WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro has a cross-site request forgery vulnerability, which...

CVSS 8.8, AI score 7.6, EPSS 0.00056
Exploits 0, References 1

CNVD
added 2025/07/08 12:0 a.m., 2 views

WordPress ads pro SQL injection vulnerability (CNVD-2025-15421)

WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...

CVSS 7.5, AI score 8.2, EPSS 0.00326
Exploits 0, References 1

CNVD
added 2025/07/08 12:0 a.m., 3 views

WordPress ads pro SQL Injection Vulnerability

WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...

CVSS 7.5, AI score 7.8, EPSS 0.00326
Exploits 0, References 1

RedhatCVE
added 2025/05/23 12:15 a.m., 4 views

CVE-2022-44870

A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module...

CVSS 6.1, AI score 5.8, EPSS 0.00258
Exploits 1, References 1

CNNVD
added 2024/04/08 12:0 a.m., 3 views

Wp-Insert cross-site scripting vulnerability

Wp-Insert is an ad management plugin. A cross-site scripting vulnerability exists in Wp-Insert version 2.0.8, which stems from the presence of unknown functions that lead to cross-site scripting...

CVSS 4, AI score 4.3, EPSS 0.00069
Exploits 0, References 4