Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
finecms finecms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-11582
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
Finecms Finecms
7.5
CVSSv2
CVE-2017-11583
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.
Finecms Finecms
7.5
CVSSv2
CVE-2017-11584
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.
Finecms Finecms
5.8
CVSSv2
CVE-2017-11586
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
Finecms Finecms
4.3
CVSSv2
CVE-2017-11629
dayrui FineCms up to and including 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
Finecms Finecms
5
CVSSv2
CVE-2017-11178
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote malicious users to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is no...
Finecms Project Finecms
4.3
CVSSv2
CVE-2017-11179
FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account.
Finecms Project Finecms -
4.3
CVSSv2
CVE-2017-11180
FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen.
Finecms Project Finecms -
4.3
CVSSv2
CVE-2017-11198
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote malicious users to inject arbitrary web script or HTML via the folder, id, or name parameter.
Finecms Project Finecms -
6.5
CVSSv2
CVE-2017-11200
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.
Finecms Project Finecms -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »