Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
finecms finecms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-11180
FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen.
Finecms Project Finecms -
6.1
CVSSv3
CVE-2017-11198
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote malicious users to inject arbitrary web script or HTML via the folder, id, or name parameter.
Finecms Project Finecms -
8.8
CVSSv3
CVE-2017-11200
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.
Finecms Project Finecms -
6.1
CVSSv3
CVE-2017-6511
andrzuk/FineCMS prior to 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php.
Finecms Project Finecms
7.5
CVSSv3
CVE-2017-11178
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote malicious users to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is no...
Finecms Project Finecms
6.1
CVSSv3
CVE-2017-13697
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
Finecms Project Finecms 5.0.11
6.1
CVSSv3
CVE-2017-14195
The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.
Finecms Project Finecms 5.0.11
9.8
CVSSv3
CVE-2017-12774
finecms in 1.9.5\controllers\member\ContentController.php allows remote malicious users to operate website database
Finecms Project Finecms 1.9.5
6.1
CVSSv3
CVE-2017-14192
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
Finecms Project Finecms 5.0.11
9.8
CVSSv3
CVE-2017-11167
FineCMS 2.1.0 allows remote malicious users to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.
Finecms Project Finecms 2.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2023-38506
CVE-2024-37198
CVE-2023-45197
CVE-2024-38621
CVE-2024-30103
elevation of privilege
CVE-2024-0044
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »