CVE-2025-65657

Medium CVSS: 6.5

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

Vendor

Feehi

Product

Feehicms

CWE

CWE-77

Yayın Tarihi

2025-12-02 21:15:53

Güncelleme

2025-12-19 18:18:36

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Feehicms MEDIUM Feehi 2025

Referanslar

https://github.com/kiwi865/CVEs/blob/main/CVE-2025-65657.md https://github.com/liufee/cms/issues/78

Benzer Kayıtlar

Medium

CVE-2025-15264

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthum…

Medium

CVE-2025-63520

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fu…

Medium

CVE-2025-63522

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function

Medium

CVE-2025-63523

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-o…