Vulnerability Details CVE-2019-9825
FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://blog.whiterabbitxyj.com/cve/FeiFeiCMS_4.1_code_execution.doc
- https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/FeiFeiCMS_4.1_code_execution.doc
- http://blog.whiterabbitxyj.com/cve/FeiFeiCMS_4.1_code_execution.doc
- https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/FeiFeiCMS_4.1_code_execution.doc