FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.

Published : 2019-03-14 22:29 Updated : 2019-03-19 14:11

CVSS Score More info
Score 7.5 / 10
Vendor Product Version URI
Feifeicms Feifeicms 4.1.190209 cpe:/a:feifeicms:feifeicms:4.1.190209
  1. Feifeicms (1) Search CVE
    1. Feifeicms (1) Search CVE
      1. 4.1.190209


ID Name Description Links
CWE-434 Unrestricted Upload of File with Dangerous Type The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. CVE

History of changes

Date Event
2019-03-19 14:11
2019-03-14 22:29