Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FeehiCMS index.php insert unrestricted upload
Vulnerability Description
A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
FeehiCMS 代码问题漏洞
Vulnerability Description
FeehiCMS是Liufee个人开发者的一个基于Php的CMS建站系统。 FeehiCMS 2.1.1 版本及之前版本存在代码问题漏洞,该漏洞源于 /admin/index.php?r=user%2Fcreate 文件的 User[avatar] 参数存在未经验证的文件上传漏洞。
CVSS Information
N/A
Vulnerability Type
N/A