Vulnerabilities > Feifeicms > Feifeicms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-27 | CVE-2020-18418 | Cross-Site Request Forgery (CSRF) vulnerability in Feifeicms 4.1.190209 A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | 8.8 |
| 2023-03-22 | CVE-2023-1565 | Cross-site Scripting vulnerability in Feifeicms 2.7.130201 A vulnerability was found in FeiFeiCMS 2.7.130201. | 5.4 |
| 2021-04-22 | CVE-2020-17564 | Path Traversal vulnerability in Feifeicms 4.0 Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component. | 6.4 |
| 2021-04-22 | CVE-2020-17563 | Path Traversal vulnerability in Feifeicms 4.0 Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=". | 6.4 |
| 2019-03-14 | CVE-2019-9825 | Unrestricted Upload of File with Dangerous Type vulnerability in Feifeicms 4.1.190209 FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature. | 7.5 |
| 2019-02-17 | CVE-2019-8412 | Path Traversal vulnerability in Feifeicms 4.0.181010 FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. | 6.5 |