CVE-2020-17563

Name of the Vulnerable Software and Affected Versions: FeiFeiCMS version 4.0

Description: The issue allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the "/index.php?s=/admin-tpl-del&id=" API endpoint. The id variable is used in this process.

Recommendations: For FeiFeiCMS version 4.0, as a temporary workaround, consider restricting access to the "/index.php?s=/admin-tpl-del&id=" API endpoint until a patch is available. Avoid using the id variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.