
20 matches found

Veracode
added 2025/12/13 6:51 a.m. · 3 views

Remote Code Execution (RCE)

FeehiCMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unrestricted file upload in the Ad Management feature without proper validation or execution restrictions, which allows an attacker to upload and execute malicious PHP files...

CVSS 6.5 · AI score 6.2 · EPSS 0.00093
Exploits: 1 · References: 4 · Affected Software: 1
RedhatCVE
added 2025/12/03 12:26 a.m. · 2 views

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5 · AI score 8.8 · EPSS 0.00093
Exploits: 1 · References: 1
Snyk
added 2025/12/02 9:51 p.m. · 2 views

Arbitrary Command Injection

Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Arbitrary Command Injection via the Ad management feature. An attacker can execute arbitrary code on the server by uploading a crafted PHP file, which is then executed due to insufficient...

CVSS 7.7 · AI score 8 · EPSS 0.00093
Exploits: 1 · References: 2
EUVD
added 2025/12/02 9:31 p.m. · 3 views

EUVD-2025-200325

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5 · AI score 8.2 · EPSS 0.00093
Exploits: 1 · References: 3
OSV
added 2025/12/02 9:31 p.m. · 3 views

GHSA-MCXQ-54F4-MMX5 FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 7.7 · AI score 8.7 · EPSS 0.00093
Exploits: 1 · References: 4
NVD
added 2025/12/02 9:15 p.m. · 2 views

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5 · EPSS 0.00093
Exploits: 1 · References: 2
OSV
added 2025/12/02 9:15 p.m. · 3 views

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

CVSS 6.5 · AI score 8.7 · EPSS 0.00093
Exploits: 1 · References: 2
Positive Technologies
added 2025/12/02 12:0 a.m. · 2 views

PT-2025-48783

Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.1.1 Description: FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes without sufficient validation. An attacker can upload a crafted PHP file, causing the application or...

CVSS 6.5 · AI score 7.9 · EPSS 0.00093
Exploits: 1 · References: 8
Vulnrichment
added 2025/12/02 12:0 a.m. · 1 view

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...

AI score 8.4 · EPSS 0.00093
Exploits: 1 · References: 2
CNNVD
added 2025/12/02 12:0 a.m. · 3 views

Revive Adserver Security Vulnerability

Revive Adserver is an open source ad management system from the Revive Adserver team. The system provides ad placement, ad space management, statistics and other functions. A security vulnerability exists in Revive Adserver that stems from improper handling of usernames, which could lead to...

CVSS 5.4 · AI score 5.5 · EPSS 0.00025
Exploits: 1 · References: 2
CNVD
added 2025/07/08 12:0 a.m. · 2 views

WordPress ads pro SQL injection vulnerability (CNVD-2025-15421)

WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...

CVSS 7.5 · AI score 8.2 · EPSS 0.00326
Exploits: 0 · References: 1
NVD
added 2023/01/06 3:15 a.m. · 12 views

CVE-2022-44870

A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module...

CVSS 6.1 · AI score 5.9 · EPSS 0.00258
Exploits: 1 · References: 2
Cvelist
added 2023/01/06 12:0 a.m. · 14 views

CVE-2022-44870

A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module...

AI score 6 · EPSS 0.00258
Exploits: 1 · References: 2
Positive Technologies
added 2023/01/06 12:0 a.m. · 4 views

PT-2023-14563 · Maccms10 · Maccms10

Name of the Vulnerable Software and Affected Versions: maccms10 version 2022.1000.3032 Description: A reflected cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module...

CVSS 6.1 · AI score 6 · EPSS 0.00258
Exploits: 1 · References: 4
Packet Storm
added 2022/09/23 12:0 a.m. · 360 views

Feehi CMS 2.1.1 Remote Code Execution

Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated) Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...

CVSS 5.4 · AI score 5.5 · EPSS 0.00314
Exploits: 7
0day.today
added 2022/09/23 12:0 a.m. · 220 views

Feehi CMS 2.1.1 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated) Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using admin account at...

CVSS 5.4 · AI score 0.2 · EPSS 0.00314
Exploits: 7
CNVD
added 2021/02/01 12:0 a.m. · 6 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-23390)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver versions prior to 5.1.0, which stems from publi...

CVSS 6.1 · AI score 6 · EPSS 0.02138
Exploits: 2 · References: 1
seebug.org
added 2014/07/01 12:0 a.m. · 20 views

OpenX (phpAdsNew) Remote File inclusion Vulnerability

No description provided by source. Exploit Title: OpenX phpAdsNew Remote File inclusion Vulnerability Date: 2010/07/20 Author: ViRuS Qalaa Email: [email protected] My Sites : www.pal-mafia.com & www.vbspiders.com Script url: http://www.opensourcescripts.com/dir/PHP/AdManagement/phpadsnew11.html downlo...

AI score 7.1
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m. · 39 views

Ad Manager Pro v. 4 Remote FLI

-=--------------------ADVISORY-------------------=- Ad Manager Pro v. 4 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Ad Manager Pro -=+ Version: 4 -=+ Vendor's URL: http://www.phpwebscripts.com/ad-manager-pro/ -=+...

AI score 7
Exploits: 0
Exploit DB
added 2007/11/11 12:0 a.m. · 24 views

Softbiz Ad Management plus Script 1 - SQL Injection

Softbiz Ad Management plus Script ver 1 SQL INJECTION BY IRCRASH AUTHOR : IRCRASH Dr.Crash Script Download : http://www.softbizscripts.com/ Injection Address : http://sitename/ads.php?package= SQL C0de :...

AI score 7.4
Exploits: 0