cms icon indicating copy to clipboard operation
cms copied to clipboard
verified publisher icon liufee

FeehiCMS version 2.1.1 - Parameter Tampering for Read-Only Username Parameter

Open kiwi865 opened this issue 3 months ago • 0 comments

[Parameter Tampering for Read-Only Parameter]

Severity Score: Low

CVSS Score: 3.5 Low, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Description

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as “read-only.” An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes.

Impact

This can lead to unintended username changes.

POC

Register two users, user1 and user2.

Image Image

Login as backend user, navigate to the user module.

Image

Observe that the username is readonly.

Image

  Update the user record. Below is the original request.

Image

Modified request, added username parameter.

Image

The readonly username was changed.

Image

Remediation

  1. Omit the affected parameter in server side.
  2. Validate only whitelisted parameters are allowed for user updates.

kiwi865 avatar Oct 02 '25 18:10 kiwi865