CVE-2025-15264

Medium CVSS: 6.9

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Feehi

Product

Feehicms

CWE

CWE-918

Yayın Tarihi

2025-12-30 19:15:44

Güncelleme

2026-01-07 17:44:36

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-918 Feehicms MEDIUM Feehi 2025

Referanslar

https://vuldb.com/?ctiid.338663 https://vuldb.com/?id.338663 https://vuldb.com/?submit.718278

Benzer Kayıtlar

Medium

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1…

Medium

CVE-2025-63520

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fu…

Medium

CVE-2025-63522

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function

Medium

CVE-2025-63523

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-o…