finecms finecms vulnerabilities and exploits
7.5
CVSSv2
CVE-2017-11582
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
Finecms Finecms
7.5
CVSSv2
CVE-2017-11584
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.
Finecms Finecms
7.5
CVSSv2
CVE-2017-11583
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.
Finecms Finecms
5.8
CVSSv2
CVE-2017-11586
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
Finecms Finecms
4.3
CVSSv2
CVE-2017-11629
dayrui FineCms up to and including 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
Finecms Finecms
4.3
CVSSv2
CVE-2017-16866
dayrui FineCms 5.2.0 prior to 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
Finecms Finecms 5.2.0
7.5
CVSSv2
CVE-2017-16920
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote malicious users to upload arbitrary .php files via a member api swfupload action to index.php.
Finecms Finecms 5.2.0
4.3
CVSSv2
CVE-2017-11179
FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account.
Finecms Project Finecms -
4.3
CVSSv2
CVE-2017-11198
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote malicious users to inject arbitrary web script or HTML via the folder, id, or name parameter.
Finecms Project Finecms -
6.5
CVSSv2
CVE-2017-11200
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.
Finecms Project Finecms -