19 matches found
EUVD-2017-3241
Malware in sbrugna...
EUVD-2017-1563
Malware in sbrugna...
EUVD-2017-2606
Malware in sbrugna...
EUVD-2018-18638
Malware in sbrugna...
EUVD-2017-18187
Malware in sbrugna...
EUVD-2017-15567
Malware in sbrugna...
EUVD-2017-4313
Malware in sbrugna...
EUVD-2017-8040
Malware in sbrugna...
EUVD-2017-2812
Malware in sbrugna...
EUVD-2017-2834
Malware in sbrugna...
EUVD-2017-8090
Malware in sbrugna...
CVE-2018-18191
Cross-site request forgery CSRF vulnerability in /admin.php?c=member=edit=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password...
CVE-2017-11178
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked...
CVE-2017-11586
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php...
FineCms SQL Injection Vulnerability (CNVD-2017-18531)
FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. A SQL injection vulnerability exists in FineCms version 5.0.9. A remote attacker can exploit this vulnerability to obtain all databases with the help of the 'catid' parameter in the...
FineCMS SQL Injection Vulnerability (CNVD-2017-15546)
FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. An SQL injection vulnerability exists in FineCMS versions 2017-07-12 and earlier. The vulnerability can be exploited by an attacker to obtain data from the database with the help of the...
CVE-2017-9251
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php...
CVE-2017-6511
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...
finecms v1.9.5 has a local file inclusion vulnerability
FineCMS is a content management system based on PHP+MySql. A local file inclusion vulnerability exists in finecms v1.9.5. Allows attackers to upload webshell, gain server privileges, and cause information leakage...