Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
finecms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-11201
application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action.
Finecms Project Finecms -
4.3
CVSSv2
CVE-2017-11202
FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180.
Finecms Project Finecms -
4.3
CVSSv2
CVE-2017-6511
andrzuk/FineCMS prior to 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php.
Finecms Project Finecms
7.5
CVSSv2
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.
Finecms Finecms 5.2.0
4.3
CVSSv2
CVE-2018-7476
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>'...
Finecms Finecms 5.3.0
4.3
CVSSv2
CVE-2017-10967
In FineCMS prior to 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters.
Finecms Project Finecms -
7.5
CVSSv2
CVE-2017-10968
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
Finecms Project Finecms -
4.3
CVSSv2
CVE-2017-10973
In FineCMS prior to 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
Finecms Project Finecms
5
CVSSv2
CVE-2017-11178
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote malicious users to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is no...
Finecms Project Finecms
4.3
CVSSv2
CVE-2017-11180
FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen.
Finecms Project Finecms -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »