159 matches found
CVE-2021-36573
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload...
CVE-2021-36572
Cross Site Scripting XSS vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page...
CVE-2021-36572
Cross Site Scripting XSS vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page...
CVE-2021-36573
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload...
Cross site scripting
Cross Site Scripting XSS vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page...
Unrestricted file upload
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload...
PT-2022-8622 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.0.8 Description: A Cross Site Scripting XSS issue allows remote attackers to run arbitrary code via the lang attribute of an HTML tag. This enables attackers to execute malicious scripts on the client-side, potentially...
PT-2022-10521 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: Feehi CMS versions 2.1.1 and earlier Description: The issue allows attackers to run arbitrary code via the user name field of the "/login" API endpoint. This is a Cross Site Scripting XSS issue, which means attackers can inject malicious...
CVE-2021-36572
CVE-2021-36572 affects Feehi CMS up to version 2.1.1, where the login page’s username field is vulnerable to reflected/stored cross‑site scripting that enables an attacker to run arbitrary code. The vulnerability is triggered through the user name field of the /login endpoint, as noted in multipl...
CVE-2021-36573
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload...
PT-2022-10522 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: Feehi CMS versions prior to 2.1.2 Description: The issue allows attackers to run arbitrary code via a crafted image upload, exploiting a File Upload vulnerability. Recommendations: For Feehi CMS versions prior to 2.1.2, update to version 2.1....
CVE-2021-36573
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload...
PT-2022-25365 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.1.1 Description: A Cross Site Scripting XSS issue allows remote attackers to run arbitrary code via the upload of a crafted XML file. This enables attackers to execute malicious scripts on the victim's browser, potentially...
CVE-2021-36573
CVE-2021-36573 refers to a file-upload vulnerability in Feehi CMS up to version 2.1.1, allowing an attacker to execute arbitrary code via a crafted image upload. The root cause is an unrestricted/unsafe image upload handling that enables code execution on the server. Public references in the conn...
CVE-2021-36572
Cross Site Scripting XSS vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page...
CVE-2021-36572
Cross Site Scripting XSS vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page...
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using admin account at...
Feehi CMS 2.1.1 Remote Code Execution
Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...
Feehi CMS host header injection vulnerability
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...