Search criteria
18 vulnerabilities found for feng_office by fengoffice
FKIE_CVE-2025-5877
Vulnerability from fkie_nvd - Published: 2025-06-09 13:15 - Updated: 2025-07-02 19:17
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.311636 | Permissions Required, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.311636 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.586971 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fengoffice | feng_office | 3.2.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:3.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E956139E-C311-4318-8EAD-F0C773B1E9A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en Fengoffice Feng Office 3.2.2.1. Este problema afecta a una funcionalidad desconocida del archivo /application/models/ApplicationDataObject.class.php del componente Document Upload Handler. La manipulaci\u00f3n da lugar a una referencia a una entidad externa XML. El ataque podr\u00eda ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5877",
"lastModified": "2025-07-02T19:17:43.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-09T13:15:26.017",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.311636"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.311636"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.586971"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-610"
},
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-6039
Vulnerability from fkie_nvd - Published: 2024-06-16 22:15 - Updated: 2024-11-21 09:48
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html | Exploit | |
| cna@vuldb.com | https://seclists.org/fulldisclosure/2024/Jun/2 | Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.268752 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.268752 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2024/Jun/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.268752 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.268752 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fengoffice | feng_office | 3.11.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:3.11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3621E4D-7172-4D4F-9310-067DD804A1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Feng Office 3.11.1.2 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente Workspaces es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento dim conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-268752."
}
],
"id": "CVE-2024-6039",
"lastModified": "2024-11-21T09:48:48.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-06-16T22:15:09.360",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit"
],
"url": "https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html"
},
{
"source": "cna@vuldb.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2024/Jun/2"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.268752"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.268752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2024/Jun/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.268752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.268752"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2019-9623
Vulnerability from fkie_nvd - Published: 2019-03-07 05:29 - Updated: 2024-11-21 04:51
Severity ?
Summary
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46471 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46471 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fengoffice | feng_office | 3.7.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:3.7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7745DBB4-B8E1-4A4F-92C4-C35B1ECF60E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via \"\u003c!--#exec cmd=\" in a .shtml file to ck_upload_handler.php."
},
{
"lang": "es",
"value": "La versi\u00f3n 3.7.0.5 de Feng Office permite a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante \""
}
],
"id": "CVE-2019-9623",
"lastModified": "2024-11-21T04:51:59.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-07T05:29:01.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-5343
Vulnerability from fkie_nvd - Published: 2014-08-19 18:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2418465C-C63C-4F19-BB75-846E4B9068E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "01778C8E-A97B-4FCC-9AF1-E90303F43FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "2344DA4D-3BB2-41F3-B69B-AA2993400F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6E741D2A-1329-4265-81A4-1A0CA59E04EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:rc:*:*:*:*:*:*",
"matchCriteriaId": "D636D1AB-FEFF-4DEE-8735-0168A84FFD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "49212305-B48D-492F-85A0-9DE502EBEE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5B13199D-A732-4F18-93C3-9856C90EA817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D38EC7A1-3FFC-4F48-9660-3CE48EDE1645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A50B5F-FB66-4DA7-8D94-B9198275F32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BB59DF-FBD1-49B5-82D5-D63207F72F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD19521-64BB-4CC8-9D0D-5E80E1E9F111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6BDBBD-4793-44CB-BBFC-DC64B719FFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "AA5E28AA-93DB-4381-8AFF-AA59322AECC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9DBBF6A4-1B7E-42FF-B1E8-ED5B9B96F914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9B8FEFF8-CE07-47BB-BA28-7530646D6DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DECA643A-78C4-488B-B3BA-B022F8041883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F23DF96E-3DF8-47F1-AE6A-95381F9C8A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B05F5A1A-D69F-4E75-BC5E-BC920FD655BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0CB62426-3B0D-4B33-98E3-CB3FA259FCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "56C0D9C4-E770-4853-AABF-7374C053BD25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "06C3FE47-D453-418B-8ABF-E5C7F3C59648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79EBCC0F-0389-4FD5-998F-BF634D49DEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "E9D6CE25-C96B-46F1-A0D3-14F2A2B3E9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.1.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "A07E12A0-CAE6-454A-8517-FA9D3A61E713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "11F3EB35-F68F-4018-BB07-3CF95E402F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6765CEC-9CF6-418F-B9AF-08ABB9227F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "EF6C987D-267B-492E-B2AE-CE912655FF98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "5BF512AE-BCD0-42D0-82FA-41A79744F3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537E450A-3464-4B72-8757-E9FCCB38CE7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "F206E728-E1A6-4396-9571-8E34E5C225EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33391493-FAE2-4936-8D39-11B9FD6185B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4178258-E097-4087-AD4B-5351F6A91ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.3.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "DBA4551E-C1D6-46CA-8B2E-E0EDA866FD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B148BD6-B15A-4AC1-BAA5-C8EB8115F728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "16B80786-726E-4F00-A302-D713F9F3D5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2713B9E6-3357-4D6A-9523-A1CDD212E37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3458D6A1-2DD4-4C3A-9A3B-15EA4DE9AAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "7992D7EF-0F5D-482D-A22D-2A3D663387BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "0C84AA0A-ACC3-41FD-83A2-504B00B4CDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "262F3298-EED7-4A09-883B-801756433D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1487C37B-A9D1-4BF5-97DA-9CCBE3E49840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "B2525E76-1008-4BB2-88EB-214C75DA3986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "9DD84C1B-44D6-4DD2-95EB-E07AEA0492AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36DF23A8-6D34-43D1-BB53-D404E291A89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81BFC491-7430-4BBC-956D-5C3A061E8E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "D78A5A94-EBD6-4677-8319-E747CFBD1572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.2:rc:*:*:*:*:*:*",
"matchCriteriaId": "A4AB5B8F-7858-4554-812B-5A698C28D028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CF58ACE3-69F3-4E2A-988A-CBF5088379AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED754884-9821-4E64-9456-2D1BA5384762",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Feng Office permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un campo de nombre de cliente."
}
],
"id": "CVE-2014-5343",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-19T18:55:03.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/69080"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95173"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-5744
Vulnerability from fkie_nvd - Published: 2013-10-28 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:*:rc:*:*:*:*:*:*",
"matchCriteriaId": "7E031DFD-5572-45F0-806D-0668B9068310",
"versionEndIncluding": "2.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2418465C-C63C-4F19-BB75-846E4B9068E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "01778C8E-A97B-4FCC-9AF1-E90303F43FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "2344DA4D-3BB2-41F3-B69B-AA2993400F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6E741D2A-1329-4265-81A4-1A0CA59E04EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:rc:*:*:*:*:*:*",
"matchCriteriaId": "D636D1AB-FEFF-4DEE-8735-0168A84FFD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "49212305-B48D-492F-85A0-9DE502EBEE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5B13199D-A732-4F18-93C3-9856C90EA817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D38EC7A1-3FFC-4F48-9660-3CE48EDE1645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A50B5F-FB66-4DA7-8D94-B9198275F32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BB59DF-FBD1-49B5-82D5-D63207F72F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD19521-64BB-4CC8-9D0D-5E80E1E9F111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6BDBBD-4793-44CB-BBFC-DC64B719FFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "AA5E28AA-93DB-4381-8AFF-AA59322AECC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9DBBF6A4-1B7E-42FF-B1E8-ED5B9B96F914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9B8FEFF8-CE07-47BB-BA28-7530646D6DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DECA643A-78C4-488B-B3BA-B022F8041883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F23DF96E-3DF8-47F1-AE6A-95381F9C8A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B05F5A1A-D69F-4E75-BC5E-BC920FD655BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0CB62426-3B0D-4B33-98E3-CB3FA259FCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "56C0D9C4-E770-4853-AABF-7374C053BD25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "06C3FE47-D453-418B-8ABF-E5C7F3C59648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79EBCC0F-0389-4FD5-998F-BF634D49DEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "E9D6CE25-C96B-46F1-A0D3-14F2A2B3E9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.1.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "A07E12A0-CAE6-454A-8517-FA9D3A61E713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "11F3EB35-F68F-4018-BB07-3CF95E402F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6765CEC-9CF6-418F-B9AF-08ABB9227F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "EF6C987D-267B-492E-B2AE-CE912655FF98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "5BF512AE-BCD0-42D0-82FA-41A79744F3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537E450A-3464-4B72-8757-E9FCCB38CE7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "F206E728-E1A6-4396-9571-8E34E5C225EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33391493-FAE2-4936-8D39-11B9FD6185B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4178258-E097-4087-AD4B-5351F6A91ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.3.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "DBA4551E-C1D6-46CA-8B2E-E0EDA866FD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B148BD6-B15A-4AC1-BAA5-C8EB8115F728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "16B80786-726E-4F00-A302-D713F9F3D5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2713B9E6-3357-4D6A-9523-A1CDD212E37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3458D6A1-2DD4-4C3A-9A3B-15EA4DE9AAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "7992D7EF-0F5D-482D-A22D-2A3D663387BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "0C84AA0A-ACC3-41FD-83A2-504B00B4CDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "262F3298-EED7-4A09-883B-801756433D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1487C37B-A9D1-4BF5-97DA-9CCBE3E49840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "B2525E76-1008-4BB2-88EB-214C75DA3986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "9DD84C1B-44D6-4DD2-95EB-E07AEA0492AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36DF23A8-6D34-43D1-BB53-D404E291A89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:2.3.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "D78A5A94-EBD6-4677-8319-E747CFBD1572",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Feng Office 2.3.2-rc y anteriores versiones permite a atacantes remotos inyectar script arbitrario o HTML a trav\u00e9s de un par\u00e1metro ref_XXX arbitrario."
}
],
"id": "CVE-2013-5744",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-28T22:55:03.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23174"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3738
Vulnerability from fkie_nvd - Published: 2011-09-23 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fengoffice | feng_office | 1.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fengoffice:feng_office:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A50B5F-FB66-4DA7-8D94-B9198275F32E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files."
},
{
"lang": "es",
"value": "Feng Office v1.7.2 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con public/upgrade/templates/layout.php y algunos otros archivos."
}
],
"id": "CVE-2011-3738",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-23T23:55:03.443",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-5877 (GCVE-0-2025-5877)
Vulnerability from cvelistv5 – Published: 2025-06-09 12:31 – Updated: 2025-06-09 13:00
VLAI?
Title
Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
Summary
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fengoffice | Feng Office |
Affected:
3.2.2.1
|
Credits
mcdruid (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5877",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:00:41.749852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:00:44.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Document Upload Handler"
],
"product": "Feng Office",
"vendor": "Fengoffice",
"versions": [
{
"status": "affected",
"version": "3.2.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mcdruid (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Fengoffice Feng Office 3.2.2.1 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /application/models/ApplicationDataObject.class.php der Komponente Document Upload Handler. Mittels Manipulieren mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:31:04.643Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311636 | Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.311636"
},
{
"name": "VDB-311636 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311636"
},
{
"name": "Submit #586971 | Feng Office \u003e= v3.2.2.1 XXE",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.586971"
},
{
"tags": [
"related"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-08T20:10:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5877",
"datePublished": "2025-06-09T12:31:04.643Z",
"dateReserved": "2025-06-08T18:05:09.822Z",
"dateUpdated": "2025-06-09T13:00:44.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6039 (GCVE-0-2024-6039)
Vulnerability from cvelistv5 – Published: 2024-06-16 22:00 – Updated: 2024-08-01 21:25
VLAI?
Title
Feng Office Workspaces sql injection
Summary
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Feng Office |
Affected:
3.11.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T13:23:04.392750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T13:23:15.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-268752 | Feng Office Workspaces sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.268752"
},
{
"name": "VDB-268752 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.268752"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2024/Jun/2"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Workspaces"
],
"product": "Feng Office",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.11.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Feng Office 3.11.1.2 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Komponente Workspaces. Dank der Manipulation des Arguments dim mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-16T22:00:07.255Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-268752 | Feng Office Workspaces sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.268752"
},
{
"name": "VDB-268752 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.268752"
},
{
"tags": [
"mailing-list"
],
"url": "https://seclists.org/fulldisclosure/2024/Jun/2"
},
{
"tags": [
"exploit"
],
"url": "https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-06-16T15:19:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Feng Office Workspaces sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6039",
"datePublished": "2024-06-16T22:00:07.255Z",
"dateReserved": "2024-06-16T13:13:55.539Z",
"dateUpdated": "2024-08-01T21:25:03.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9623 (GCVE-0-2019-9623)
Vulnerability from cvelistv5 – Published: 2019-03-07 05:00 – Updated: 2024-08-04 21:54
VLAI?
Summary
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via \"\u003c!--#exec cmd=\" in a .shtml file to ck_upload_handler.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via \"\u003c!--#exec cmd=\" in a .shtml file to ck_upload_handler.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46471",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46471"
},
{
"name": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9623",
"datePublished": "2019-03-07T05:00:00",
"dateReserved": "2019-03-06T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5343 (GCVE-0-2014-5343)
Vulnerability from cvelistv5 – Published: 2014-08-19 18:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69080",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69080"
},
{
"name": "fengoffice-customername-xss(95173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69080",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69080"
},
{
"name": "fengoffice-customername-xss(95173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69080"
},
{
"name": "fengoffice-customername-xss(95173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95173"
},
{
"name": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5343",
"datePublished": "2014-08-19T18:00:00",
"dateReserved": "2014-08-19T00:00:00",
"dateUpdated": "2024-08-06T11:41:48.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5744 (GCVE-0-2013-5744)
Vulnerability from cvelistv5 – Published: 2013-10-28 22:00 – Updated: 2024-09-17 02:31
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:30.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23174"
},
{
"name": "20131009 Cross-Site Scripting (XSS) in Feng Office",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-28T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23174"
},
{
"name": "20131009 Cross-Site Scripting (XSS) in Feng Office",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23174",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23174"
},
{
"name": "20131009 Cross-Site Scripting (XSS) in Feng Office",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5744",
"datePublished": "2013-10-28T22:00:00Z",
"dateReserved": "2013-09-16T00:00:00Z",
"dateUpdated": "2024-09-17T02:31:22.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3738 (GCVE-0-2011-3738)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-16 19:30
VLAI?
Summary
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3738",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T19:30:28.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5877 (GCVE-0-2025-5877)
Vulnerability from nvd – Published: 2025-06-09 12:31 – Updated: 2025-06-09 13:00
VLAI?
Title
Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
Summary
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fengoffice | Feng Office |
Affected:
3.2.2.1
|
Credits
mcdruid (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5877",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:00:41.749852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:00:44.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Document Upload Handler"
],
"product": "Feng Office",
"vendor": "Fengoffice",
"versions": [
{
"status": "affected",
"version": "3.2.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mcdruid (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Fengoffice Feng Office 3.2.2.1 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /application/models/ApplicationDataObject.class.php der Komponente Document Upload Handler. Mittels Manipulieren mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:31:04.643Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311636 | Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.311636"
},
{
"name": "VDB-311636 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311636"
},
{
"name": "Submit #586971 | Feng Office \u003e= v3.2.2.1 XXE",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.586971"
},
{
"tags": [
"related"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-08T20:10:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5877",
"datePublished": "2025-06-09T12:31:04.643Z",
"dateReserved": "2025-06-08T18:05:09.822Z",
"dateUpdated": "2025-06-09T13:00:44.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6039 (GCVE-0-2024-6039)
Vulnerability from nvd – Published: 2024-06-16 22:00 – Updated: 2024-08-01 21:25
VLAI?
Title
Feng Office Workspaces sql injection
Summary
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Feng Office |
Affected:
3.11.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T13:23:04.392750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T13:23:15.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-268752 | Feng Office Workspaces sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.268752"
},
{
"name": "VDB-268752 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.268752"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2024/Jun/2"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Workspaces"
],
"product": "Feng Office",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.11.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Feng Office 3.11.1.2 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Komponente Workspaces. Dank der Manipulation des Arguments dim mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-16T22:00:07.255Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-268752 | Feng Office Workspaces sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.268752"
},
{
"name": "VDB-268752 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.268752"
},
{
"tags": [
"mailing-list"
],
"url": "https://seclists.org/fulldisclosure/2024/Jun/2"
},
{
"tags": [
"exploit"
],
"url": "https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-06-16T15:19:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Feng Office Workspaces sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6039",
"datePublished": "2024-06-16T22:00:07.255Z",
"dateReserved": "2024-06-16T13:13:55.539Z",
"dateUpdated": "2024-08-01T21:25:03.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9623 (GCVE-0-2019-9623)
Vulnerability from nvd – Published: 2019-03-07 05:00 – Updated: 2024-08-04 21:54
VLAI?
Summary
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via \"\u003c!--#exec cmd=\" in a .shtml file to ck_upload_handler.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via \"\u003c!--#exec cmd=\" in a .shtml file to ck_upload_handler.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46471",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46471"
},
{
"name": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9623",
"datePublished": "2019-03-07T05:00:00",
"dateReserved": "2019-03-06T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5343 (GCVE-0-2014-5343)
Vulnerability from nvd – Published: 2014-08-19 18:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69080",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69080"
},
{
"name": "fengoffice-customername-xss(95173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69080",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69080"
},
{
"name": "fengoffice-customername-xss(95173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69080"
},
{
"name": "fengoffice-customername-xss(95173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95173"
},
{
"name": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5343",
"datePublished": "2014-08-19T18:00:00",
"dateReserved": "2014-08-19T00:00:00",
"dateUpdated": "2024-08-06T11:41:48.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5744 (GCVE-0-2013-5744)
Vulnerability from nvd – Published: 2013-10-28 22:00 – Updated: 2024-09-17 02:31
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:30.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23174"
},
{
"name": "20131009 Cross-Site Scripting (XSS) in Feng Office",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-28T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23174"
},
{
"name": "20131009 Cross-Site Scripting (XSS) in Feng Office",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23174",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23174"
},
{
"name": "20131009 Cross-Site Scripting (XSS) in Feng Office",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5744",
"datePublished": "2013-10-28T22:00:00Z",
"dateReserved": "2013-09-16T00:00:00Z",
"dateUpdated": "2024-09-17T02:31:22.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3738 (GCVE-0-2011-3738)
Vulnerability from nvd – Published: 2011-09-23 23:00 – Updated: 2024-09-16 19:30
VLAI?
Summary
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3738",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T19:30:28.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}