| tiêu đề | liufee cms 2.1.1 Information Disclosure |
|---|
| Mô tả | https://github.com/liufee/cms/
A vulnerability has been found in Feehi CMS 2.1.1 and classified as problematic. Affected is an unknown function of the /api/users endpoint. The manipulation leads to information disclosure. The attack can be initiated remotely. A regular authenticated user can enumerate all registered users' personally identifiable information (PII), including usernames, email addresses, and account status, without any role-based access control. |
|---|
| Nguồn | ⚠️ https://github.com/liufee/cms/issues/88 |
|---|
| Người dùng | byname (UID 98259) |
|---|
| Đệ trình | 29/05/2026 09:42 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 28/06/2026 12:15 (1 month later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 374552 [Feehi CMS đến 2.1.1 API /api/users nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|