Feehi CMS vulnerabilities
17 known vulnerabilities affecting feehi/cms.
Total CVEs: 17
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 4, MEDIUM 9
Vulnerabilities
CVE-2024-8294 | P2 | MEDIUM | ≥ 0, ≤ 2.1.1 | 2024-08-29
CVE-2024-8294 [MEDIUM] CWE-434 FeehiCMS file upload vulnerability
A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted
ghsa, osv

CVE-2024-8296 | P2 | MEDIUM | ≥ 0, ≤ 2.1.1 | 2024-08-29
CVE-2024-8296 [MEDIUM] CWE-434 FeehiCMS User[avatar] unrestricted upload
A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about t
ghsa, osv

CVE-2024-8295 | P2 | MEDIUM | ≥ 0, ≤ 2.1.1 | 2024-08-29
CVE-2024-8295 [MEDIUM] CWE-434 FeehiCMS BannerForm[img] unrestricted upload
A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: Th
ghsa, osv

CVE-2020-21322 | P3 | HIGH | ≥ 0, < 2.0.8.1 | 2021-09-20
CVE-2020-21322 [HIGH] CWE-434 Arbitrary Code Execution in feehi/cms
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.
ghsa, osv

CVE-2026-13546 | P3 | HIGH | CVSS 7.3 | v2.1.0 | v2.1.1 | 2026-06-29
CVE-2026-13546 [HIGH] CWE-287
A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early th
nvd

CVE-2022-34140 | P4 | MEDIUM | PoC | ≥ 0, ≤ 2.1.1 | 2022-07-29
CVE-2022-34140 [MEDIUM] CWE-79 Feehi CMS Cross-site Scripting
A stored cross-site scripting (XSS) vulnerability in `/index.php?r=site%2Fsignup` of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
ghsa, osv

CVE-2020-21516 | P3 | CRITICAL | ≥ 0, < 2.0.8.1 | 2022-09-07
CVE-2020-21516 [CRITICAL] CWE-434 FeehiCMS has an arbitrary file upload vulnerability
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code.
ghsa, osv

CVE-2020-21174 | P3 | CRITICAL | ≥ 0, < 2.0.8.1 | 2023-06-20
CVE-2020-21174 [CRITICAL] CWE-434 liufee CMS File Upload vulnerability
File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
ghsa, osv

CVE-2020-21489 | P3 | CRITICAL | ≥ 0, < 2.0.8.1 | 2023-06-20
CVE-2020-21489 [CRITICAL] CWE-434 Liufee CMS File Upload vulnerability
File Upload vulnerability in Liufee CMS, AKA Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the `/admin/index.php?r=admin-user%2Fupdate-self` component.
ghsa, osv

CVE-2022-34971 | P3 | HIGH | ≥ 0, ≤ 2.1.1 | 2022-07-28
CVE-2022-34971 [HIGH] CWE-434 Feehi CMS arbitrary code execution via crafted PHP file
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
ghsa, osv

CVE-2020-22643 | P3 | HIGH | ≥ 0, ≤ 2.1.0-beta | 2022-05-24
CVE-2020-22643 [HIGH] CWE-434 Feehi CMS arbitrary file upload vulnerability
Feehi CMS 2.1.0-beta is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.
ghsa, osv

CVE-2021-30108 | P3 | CRITICAL | ≥ 0, ≤ 2.1.1 | 2021-06-08
CVE-2021-30108 [CRITICAL] CWE-918 Server-Side Request Forgery in Feehi CMS
Feehi CMS 2.1.1 is affected by a server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it.
ghsa, osv

CVE-2026-13544 | P3 | MEDIUM | CVSS 6.3 | v2.1.0 | v2.1.1 | 2026-06-29
CVE-2026-13544 [MEDIUM] CWE-266
A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue repor
nvd

CVE-2025-65657 | P3 | MEDIUM | ≥ 0, ≤ 2.1.1 | 2025-12-02
CVE-2025-65657 [MEDIUM] CWE-20 FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution
ghsa, osv

CVE-2022-38796 | P4 | MEDIUM | ≥ 0, ≤ 2.1.1 | 2022-09-15
CVE-2022-38796 [MEDIUM] CWE-74 Feehi CMS host header injection vulnerability
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.
ghsa, osv

CVE-2020-21146 | P4 | MEDIUM | ≥ 0, < 2.0.8.1 | 2022-05-24
CVE-2020-21146 [MEDIUM] CWE-79 Feehi CMS vulnerable to Cross-site Scripting in Username Field
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.
ghsa, osv

CVE-2022-43320 | P4 | MEDIUM | ≥ 0, ≤ 2.1.1 | 2022-11-09
CVE-2022-43320 [MEDIUM] CWE-79 FeehiCMS is vulnerable to Cross-Site Scripting (XSS)
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.
ghsa, osv