Submission #842603: liufee cms 2.1.1 Any Article Delete

Information

Title: liufee cms 2.1.1 Any Article Delete
Description: A vulnerability was found in Feehi CMS 2.1.1. It has been classified as critical. Affected are multiple REST API endpoints (GET, POST, PUT, DELETE) of the /api/articles and /api/articles/{id} routes handled by api/controllers/ArticleController.php. The vulnerability is caused by a missing authentication mechanism: ArticleController does not override the behaviors() method, resulting in no authenticator or access control filter being applied to any CRUD action. An unauthenticated remote attacker can retrieve all articles including unpublished drafts which may contain sensitive internal content, create new articles, modify existing ones, and permanently delete any article by simply sending the corresponding HTTP request without any token or credentials. This vulnerability requires zero authentication and exposes full read and write access to all article resources.
Source: ⚠️ https://github.com/liufee/cms/issues/87
User: byname (UID 98259)
Submission: 29/05/2026 10:16 AM (1 month ago)
Moderation: 28/06/2026 12:58 PM (1 month later)
Status: Accepted
VulDB entry: 374554 [Feehi CMS up to 2.1.1 REST API Endpoint /api/articles weak authentication]
Points: 20
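
The missing behaviors() override named in the description, shown here in hardened form. This is an added example, not code from the Feehi CMS project or the linked issue. It assumes the controller extends Yii2's `yii\rest\ActiveController`; the model class `common\models\Article` and the RBAC permission `manageArticles` are hypothetical names.

```php
<?php
// Added example: a REST controller with authentication and per-action
// authorization. Model class and permission name are assumptions.
namespace api\controllers;

use Yii;
use yii\filters\auth\HttpBearerAuth;
use yii\rest\ActiveController;
use yii\web\ForbiddenHttpException;

class ArticleController extends ActiveController
{
    public $modelClass = 'common\models\Article'; // hypothetical model class

    public function behaviors()
    {
        // yii\rest\Controller already registers an 'authenticator' slot, but
        // with no auth methods configured every request passes it untouched.
        $behaviors = parent::behaviors();

        // Require a bearer token on every action (index, view, create,
        // update, delete). The user identity class must implement
        // IdentityInterface::findIdentityByAccessToken() for this to work.
        $behaviors['authenticator'] = [
            'class' => HttpBearerAuth::class,
        ];

        return $behaviors;
    }

    // Called by the built-in CRUD actions before they touch the model.
    public function checkAccess($action, $model = null, $params = [])
    {
        $writeActions = ['create', 'update', 'delete'];

        // 'manageArticles' is a hypothetical RBAC permission.
        if (in_array($action, $writeActions, true)
            && !Yii::$app->user->can('manageArticles')) {
            throw new ForbiddenHttpException('Not allowed to modify articles.');
        }
    }
}
```

With this in place, a request to /api/articles without a valid token is rejected with 401 before any CRUD action runs, and an authenticated user without the permission receives 403 on write actions.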
