Exploit Database

147,106 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-65657 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Authenticated Remote Code Execution via Unrestricted File Upload in Ad Management
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).
CVSS 6.5
CVE-2025-63523 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Authenticated Parameter Tampering via Read-Only Field Bypass
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.
CVSS 6.5
CVE-2025-63522 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Reverse Tabnabbing in Comments Management
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function
CVSS 4.6
CVE-2025-63520 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Cross-Site Scripting via User Update ID Parameter
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).
CVSS 6.1
CVE-2026-31354 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored XSS
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.
CVSS 5.4
CVE-2026-31354 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored XSS
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.
CVSS 5.4
CVE-2026-31353 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Category Name Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVSS 5.4
CVE-2026-31353 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Category Name Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVSS 5.4
CVE-2026-31352 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Role Name Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVSS 5.4
CVE-2026-31352 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Role Name Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVSS 5.4
CVE-2026-31351 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Title Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS 4.8
CVE-2026-31351 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Title Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS 4.8
CVE-2026-31350 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Page Sign Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVSS 5.4
CVE-2026-31350 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Page Sign Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVSS 5.4
CVE-2026-31313 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting in Content Field
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.
CVSS 5.4
CVE-2022-40373 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via XML File Upload
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.
CVSS 5.4
CVE-2022-40002 WRITEUP MEDIUM
FeehiCMS-2.1.1 - Cross-Site Scripting via Callback Parameter
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.
CVSS 5.4
CVE-2022-40001 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via Article Title Field
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.
CVSS 5.4
CVE-2022-40000 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via Admin Login Username Field
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.
CVSS 5.4
CVE-2022-34971 WRITEUP HIGH
Feehi CMS 2.1.1 - Arbitrary File Upload via Advertising Management Module
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 8.8
CVE-2022-34140 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored Cross-Site Scripting via Username Field
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS 5.4
CVE-2022-34140 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored Cross-Site Scripting via Username Field
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS 5.4
CVE-2021-36573 WRITEUP MEDIUM
Feehi CMS < 2.1.1 - Remote Code Execution via Crafted Image Upload
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.
CVSS 5.4
CVE-2021-36572 WRITEUP MEDIUM
Feehi CMS < 2.1.1 - Stored Cross-Site Scripting via Login Page User Name Field
Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.
CVSS 6.1
CVE-2021-30108 WRITEUP CRITICAL
Feehi CMS 2.1.1 - Server-Side Request Forgery via HTTP Referer Header
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.
CVSS 9.1