| Title | liufee cms 2.1.1 Improper Privilege Management |
|---|---|
| Description | A vulnerability has been found in Feehi CMS 2.1.1 and classified as critical. Affected is the PUT handler of the /api/users/{id} endpoint. The manipulation leads to privilege escalation. The attack can be initiated remotely. An authenticated user can modify any other user's password and email via an IDOR (Insecure Direct Object Reference) flaw, and subsequently log in as the victim, achieving full account takeover. |
| Source | https://github.com/liufee/cms/issues/90 |
| User | byname (UID 98259) |
| Submission | 05/29/2026 10:00 (1 month ago) |
| Moderation | 06/28/2026 12:57 (1 month later) |
| Status | Duplicate |
| VulDB entry | 374552 [Feehi CMS up to 2.1.1 API /api/users access control] |
| Points | 0 |