FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-14T22:00:00Z
Updated: 2024-09-17T02:01:24.516Z
Reserved: 2019-03-14T00:00:00Z
Link: CVE-2019-9825
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-03-14T22:29:01.400
Modified: 2019-03-19T14:11:13.280
Link: CVE-2019-9825
Redhat
No data.