exploitDog

CVE-2025-65657

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

Ссылки

https://github.com/kiwi865/CVEs/blob/main/CVE-2025-65657.md
Exploit
Third Party Advisory
https://github.com/liufee/cms/issues/78
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:feehi:feehicms:2.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00104

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-mcxq-54f4-mmx5

CVSS3: 6.5

github

2 месяца назад

FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management

EPSS

Процентиль: 29%

0.00104

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77