Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
finecms project finecms - vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-12774
finecms in 1.9.5\controllers\member\ContentController.php allows remote malicious users to operate website database
Finecms Project Finecms 1.9.5
9.8
CVSSv3
CVE-2017-11167
FineCMS 2.1.0 allows remote malicious users to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.
Finecms Project Finecms 2.1.0
9.8
CVSSv3
CVE-2017-10968
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
Finecms Project Finecms -
8.8
CVSSv3
CVE-2017-11200
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.
Finecms Project Finecms -
7.5
CVSSv3
CVE-2017-11178
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote malicious users to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is no...
Finecms Project Finecms
6.5
CVSSv3
CVE-2017-10973
In FineCMS prior to 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
Finecms Project Finecms
6.1
CVSSv3
CVE-2017-1000429
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.
Finecms Project Finecms 5.0.10
6.1
CVSSv3
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
Finecms Project Finecms 5.0.11
6.1
CVSSv3
CVE-2017-14192
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
Finecms Project Finecms 5.0.11
6.1
CVSSv3
CVE-2017-14195
The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.
Finecms Project Finecms 5.0.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »