| Field | Value |
|---|---|
| Title | liufee cms 2.1.1 Authorization Bypass |
| Description | A vulnerability was found in Feehi CMS 2.1.1. It has been declared as critical. Affected is the DELETE handler of the /api/users/{id} endpoint in api/controllers/UserController.php. The vulnerability arises because UserController inherits from Yii2's ActiveController and only validates token authenticity without performing any role-based or ownership-based authorization check. A remote, low-privileged authenticated attacker can send a DELETE request to /api/users/{id} with an arbitrary user ID to permanently delete any user account, including administrators. The server returns HTTP 204 No Content with no confirmation or ownership verification, and subsequent GET requests to the same endpoint return HTTP 404, confirming irreversible data loss. The /api/v1/users/{id} endpoint is equally affected. This vulnerability completely violates the principle of least privilege and can be exploited to cause denial of service, permanent user data destruction, and disruption of application functionality. |
| Source | https://github.com/liufee/cms/issues/89 |
| User | byname (UID 98259) |
| Submitted | 29/05/2026 10:13 AM (1 month ago) |
| Moderation | 28/06/2026 12:57 PM (1 month later) |
| Status | Duplicate |
| VulDB Entry | 374552 [Feehi CMS up to 2.1.1 API /api/users authorization bypass] |
| Points | 0 |