PT-2025-54214 · Feehicms+1

Hiro · Published 2025-12-30 · Updated 2025-12-30 · CVE-2025-15264

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: FeehiCMS versions up to 2.1.1

Description: A server-side request forgery condition exists in FeehiCMS due to manipulation of the src argument within an unknown function of the frontend/web/timthumb.php file of the TimThumb component. This allows for remote exploitation. The exploit has been publicly disclosed. The vendor was notified but did not respond.

Recommendations: Versions prior to 2.1.1 should be updated.

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-15264

Affected Products: Feehicms, Timthumb