Impact
The vulnerability resides in the /api/articles REST API endpoint of Feehi CMS. An attacker can manipulate requests to this endpoint to bypass authentication, causing the application to process requests as if they were authenticated. This results in unauthorized access to article data, potentially allowing reading or modification of content. The weakness is identified as an authentication failure (CWE-287) and a missing authentication check (CWE-306).
Affected Systems
Feehi CMS versions up to and including 2.1.1 are affected. The vulnerable component is the /api/articles endpoint. No other products or versions are known to be impacted based on the available data.
Risk and Exploitability
The CVSS score of 6.9 indicates moderate severity. EPSS data is not available and the vulnerability is not listed in the KEV catalog, yet the exploit is publicly disclosed and can be executed from any remote host because authentication checks are missing. An attacker who can reach the REST API can retrieve or alter article data, which could be leveraged for further attacks or data exfiltration. Immediate mitigation is required.
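As an added example (not part of the advisory and not Feehi CMS code), the following script triages web server access logs for successful requests to /api/articles that came from outside a trusted address range, counting reads and writes per source. It assumes Combined Log Format; the `triage` helper, the sample lines, the addresses and the trusted range are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Match /api/articles, /api/articles/<id> and /api/articles?<query>, nothing else.
ENDPOINT = re.compile(r'^/api/articles(?:[/?]|$)')
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /api/articles HTTP/1.1" 200 512 "-" "cms-client"',
    '203.0.113.7 - - [01/Jan/2025:10:01:00 +0000] "GET /api/articles?page=2 HTTP/1.1" 200 2048 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2025:10:01:05 +0000] "PUT /api/articles/12 HTTP/1.1" 200 96 "-" "curl/8.0"',
    '198.51.100.9 - - [01/Jan/2025:10:02:00 +0000] "POST /api/articles HTTP/1.1" 401 40 "-" "client"',
    '198.51.100.9 - - [01/Jan/2025:10:02:30 +0000] "GET /api/articles-archive HTTP/1.1" 200 10 "-" "client"',
]

def triage(lines, trusted_nets):
    """Return {source_ip: {"read": n, "write": n}} for successful
    /api/articles requests from addresses outside trusted_nets."""
    nets = [ip_network(n) for n in trusted_nets]
    report = defaultdict(lambda: {"read": 0, "write": 0})
    for line in lines:
        m = LINE.match(line)
        if not m or not ENDPOINT.match(m["path"]):
            continue
        if not m["status"].startswith("2"):
            continue  # non-2xx: the request was refused or failed
        try:
            src = ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed client field; skip
        if any(src in net for net in nets):
            continue  # expected internal client
        kind = "write" if m["method"] in WRITE_METHODS else "read"
        report[m["ip"]][kind] += 1
    return dict(report)

if __name__ == "__main__":
    for ip, counts in triage(SAMPLE, ["10.0.0.0/8"]).items():
        print(ip, counts)
```

Successful write requests from unexpected sources are the entries to review first, since the advisory describes modification of article content as a possible outcome.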