FineCMS 2.1.0 allows remote malicious users to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
finecms project finecms 2.1.0 |