Fengoffice Feng Office — known CVE vulnerabilities
Every CVE whose affected-product data names Fengoffice Feng Office, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2019-9623 — CVSS 9.8 (critical): Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
CVE-2024-6039 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component…
CVE-2025-5877 — CVSS 6.3 (medium): A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some…
CVE-2011-3738 — CVSS 5.0 (medium): Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the…
CVE-2013-5744 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML…
CVE-2014-5343 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name…