FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote a

APPLICATION

CMS

19-12-2025 23:22

CVE-2025-65657 Vulnerabilidad documentada

Sin puntuación

Tags

#web

#server

#php

#cms

#application

#attackers

#authenticated

#remote

#execution

#execute

#allow

#attack

Descripción

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS allows authenticated remote attackers to upload files that the server later executes (or stores an executable location) without sufficient validation, sanitization, or execution restrictions. An attacker can crafted PHP file and cause application web execute it, resulting code (RCE).

https://github.com/kiwi865/CVEs/blob/main/CVE-2025-65657.md

https://github.com/liufee/cms/issues/78

Referencia

CVE-2025-65657

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-65657

Resultados similares

Coincidentes en almenos en 50% de los tags

19-12-2025 CVE-2025-14046
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server th...
Ver información

19-12-2025 CVE-2020-11639
An attacker could exploit the vulnerability by injecting garbage data or specially crafted data...
Ver información