Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for CMS by Feehi

    CVE-2026-13546 (GCVE-0-2026-13546)

    Vulnerability from nvd – Published: 2026-06-29 07:15 – Updated: 2026-06-29 13:34
    VLAI
    Title
    Feehi CMS REST API Endpoint articles missing authentication
    Summary
    A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/374554 vdb-entry
    https://vuldb.com/vuln/374554/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-13546 third-party-advisory
    https://vuldb.com/submit/842603 third-party-advisory
    https://github.com/liufee/cms/issues/87 exploitissue-tracking
    Impacted products
    Vendor Product Version
    Feehi CMS Affected: 2.1.0
    Affected: 2.1.1
        cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    byname (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13546",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T13:34:43.451804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T13:34:55.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "REST API Endpoint"
              ],
              "product": "CMS",
              "vendor": "Feehi",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "byname (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T07:15:07.559Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-374554 | Feehi CMS REST API Endpoint articles missing authentication",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/374554"
            },
            {
              "name": "VDB-374554 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/374554/cti"
            },
            {
              "name": "CVE-2026-13546 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-13546"
            },
            {
              "name": "Submit #842603 | liufee cms 2.1.1 Any Article Delete",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842603"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/liufee/cms/issues/87"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-28T13:03:10.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Feehi CMS REST API Endpoint articles missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-13546",
        "datePublished": "2026-06-29T07:15:07.559Z",
        "dateReserved": "2026-06-28T10:58:04.226Z",
        "dateUpdated": "2026-06-29T13:34:55.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13544 (GCVE-0-2026-13544)

    Vulnerability from nvd – Published: 2026-06-29 06:45 – Updated: 2026-06-29 13:48
    VLAI
    Title
    Feehi CMS API users access control
    Summary
    A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    Feehi CMS Affected: 2.1.0
    Affected: 2.1.1
        cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    byname (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13544",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T13:48:47.863478Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T13:48:58.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "API"
              ],
              "product": "CMS",
              "vendor": "Feehi",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "byname (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T06:45:07.860Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-374552 | Feehi CMS API users access control",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/374552"
            },
            {
              "name": "VDB-374552 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/374552/cti"
            },
            {
              "name": "CVE-2026-13544 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-13544"
            },
            {
              "name": "Submit #842582 | liufee cms 2.1.1 Information Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842582"
            },
            {
              "name": "Submit #842595 | liufee cms 2.1.1 Improper Privilege Management (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842595"
            },
            {
              "name": "Submit #842602 | liufee cms 2.1.1 Authorization Bypass (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842602"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/liufee/cms/issues/88"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/liufee/cms/issues/89"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-28T13:02:12.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Feehi CMS API users access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-13544",
        "datePublished": "2026-06-29T06:45:07.860Z",
        "dateReserved": "2026-06-28T10:15:22.055Z",
        "dateUpdated": "2026-06-29T13:48:58.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13546 (GCVE-0-2026-13546)

    Vulnerability from cvelistv5 – Published: 2026-06-29 07:15 – Updated: 2026-06-29 13:34
    VLAI
    Title
    Feehi CMS REST API Endpoint articles missing authentication
    Summary
    A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/374554 vdb-entry
    https://vuldb.com/vuln/374554/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-13546 third-party-advisory
    https://vuldb.com/submit/842603 third-party-advisory
    https://github.com/liufee/cms/issues/87 exploitissue-tracking
    Impacted products
    Vendor Product Version
    Feehi CMS Affected: 2.1.0
    Affected: 2.1.1
        cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    byname (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13546",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T13:34:43.451804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T13:34:55.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "REST API Endpoint"
              ],
              "product": "CMS",
              "vendor": "Feehi",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "byname (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T07:15:07.559Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-374554 | Feehi CMS REST API Endpoint articles missing authentication",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/374554"
            },
            {
              "name": "VDB-374554 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/374554/cti"
            },
            {
              "name": "CVE-2026-13546 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-13546"
            },
            {
              "name": "Submit #842603 | liufee cms 2.1.1 Any Article Delete",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842603"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/liufee/cms/issues/87"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-28T13:03:10.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Feehi CMS REST API Endpoint articles missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-13546",
        "datePublished": "2026-06-29T07:15:07.559Z",
        "dateReserved": "2026-06-28T10:58:04.226Z",
        "dateUpdated": "2026-06-29T13:34:55.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13544 (GCVE-0-2026-13544)

    Vulnerability from cvelistv5 – Published: 2026-06-29 06:45 – Updated: 2026-06-29 13:48
    VLAI
    Title
    Feehi CMS API users access control
    Summary
    A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    Feehi CMS Affected: 2.1.0
    Affected: 2.1.1
        cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    byname (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13544",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T13:48:47.863478Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T13:48:58.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "API"
              ],
              "product": "CMS",
              "vendor": "Feehi",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "byname (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T06:45:07.860Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-374552 | Feehi CMS API users access control",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/374552"
            },
            {
              "name": "VDB-374552 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/374552/cti"
            },
            {
              "name": "CVE-2026-13544 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-13544"
            },
            {
              "name": "Submit #842582 | liufee cms 2.1.1 Information Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842582"
            },
            {
              "name": "Submit #842595 | liufee cms 2.1.1 Improper Privilege Management (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842595"
            },
            {
              "name": "Submit #842602 | liufee cms 2.1.1 Authorization Bypass (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/842602"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/liufee/cms/issues/88"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/liufee/cms/issues/89"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-28T13:02:12.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Feehi CMS API users access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-13544",
        "datePublished": "2026-06-29T06:45:07.860Z",
        "dateReserved": "2026-06-28T10:15:22.055Z",
        "dateUpdated": "2026-06-29T13:48:58.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }