fengoffice CVE Vulnerabilities & Metrics

Focus on fengoffice vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About fengoffice Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with fengoffice. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total fengoffice CVEs: 2
Earliest CVE date: 23 Sep 2011, 23:55 UTC
Latest CVE date: 16 Jun 2024, 22:15 UTC

Latest CVE reference: CVE-2024-6039

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical fengoffice CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.52

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	4
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS fengoffice CVEs

These are the five CVEs with the highest CVSS scores for fengoffice, sorted by severity first and recency.

CVE-2019-9623 fengoffice Published on 07 Mar 2019, 05:29 UTC (CVSS: 7.5)
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
CVE-2024-6039 fengoffice Published on 16 Jun 2024, 22:15 UTC (CVSS: 6.5)
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.
CVE-2011-3738 fengoffice Published on 23 Sep 2011, 23:55 UTC (CVSS: 5.0)
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
CVE-2014-5343 fengoffice Published on 19 Aug 2014, 18:55 UTC (CVSS: 4.3)
Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.
CVE-2013-5744 fengoffice Published on 28 Oct 2013, 22:55 UTC (CVSS: 4.3)
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.

All CVEs for fengoffice

CVE-2024-6039 fengoffice vulnerability CVSS: 6.5 16 Jun 2024, 22:15 UTC

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.

CVE-2019-9623 fengoffice vulnerability CVSS: 7.5 07 Mar 2019, 05:29 UTC

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.

CVE-2014-5343 fengoffice vulnerability CVSS: 4.3 19 Aug 2014, 18:55 UTC

Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.

CVE-2013-5744 fengoffice vulnerability CVSS: 4.3 28 Oct 2013, 22:55 UTC

Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.

CVE-2011-3738 fengoffice vulnerability CVSS: 5.0 23 Sep 2011, 23:55 UTC

Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.