Published: 28/07/2022 Updated: 26/10/2022

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 0

A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
feehi feehi cms 2.1.1

# Exploit Title: Feehi CMS 211 - Remote Code Execution (RCE) (Authenticated) # Date: 22-08-2022 # Exploit Author: yuyudhn # Vendor Homepage: feehicom/ # Software Link: githubcom/liufee/cms # Version: 211 (REQUIRED) # Tested on: Linux, Docker # CVE : CVE-2022-34140 # Proof of Concept: 1 Login using admin account at f ...

Feehi CMS version 211 suffers from a persistent cross site scripting vulnerability ...

Feehi CMS version 211 suffers from an authenticated remote code execution vulnerability ...

CWE-79 https://github.com/liufee/cms https://github.com/liufee/cms/issues/61 http://packetstormsecurity.com/files/168012/Feehi-CMS-2.1.1-Cross-Site-Scripting.html http://packetstormsecurity.com/files/168476/Feehi-CMS-2.1.1-Remote-Code-Execution.html https://nvd.nist.gov https://www.exploit-db.com/exploits/51018

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-34140

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect