Arbitrary PHP Code Execution in FeiFeiCMS 4.1.190209

Arbitrary PHP Code Execution in FeiFeiCMS 4.1.190209

CVE-2019-9825 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.

Learn more about our Cms Pen Testing.