Lucene search
K

332 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:33 a.m.9 views

CVE-2017-11179

FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...

6.1CVSS5.9AI score0.00632EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:18 a.m.8 views

CVE-2017-13697

controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable...

6.1CVSS6.1AI score0.00781EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 a.m.5 views

CVE-2017-11178

In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked...

7.5CVSS7.7AI score0.00529EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:59 a.m.5 views

CVE-2017-6511

andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...

6.1CVSS6AI score0.00732EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:58 a.m.8 views

CVE-2017-1000429

rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php...

6.1CVSS6.3AI score0.00829EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:34 a.m.9 views

CVE-2017-14192

The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field...

6.1CVSS6.1AI score0.00635EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:24 a.m.11 views

CVE-2017-11180

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in 1 the User-Agent header of an HTTP request or 2 the username entered on the login screen...

6.1CVSS5.8AI score0.00632EPSS
Exploits0References1
CNVD
CNVD
added 2019/09/20 12:0 a.m.1 views

Command Execution Vulnerability in FineCMS

FineCMS is a content management system based on PHP+MySql. FineCMS has a command execution vulnerability that can be exploited by attackers to gain server privileges...

7.5AI score
Exploits0
OSV
OSV
added 2018/10/09 8:29 p.m.7 views

CVE-2018-18191

Cross-site request forgery CSRF vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password...

8.8CVSS5.8AI score0.00806EPSS
Exploits1References1
CVE
CVE
added 2018/10/09 8:0 p.m.44 views

CVE-2018-18191

CVE-2018-18191 describes a Cross‑Site Request Forgery (CSRF) vulnerability in Dayrui FineCms 5.4, specifically in /admin.php?c=member&m=edit&uid=1, which allows remote attackers to change the administrator’s password. The connected documents confirm the affected product/version and the vulnerable...

8.8CVSS8.7AI score0.00806EPSS
Exploits1References1Affected Software1
seebug.org
seebug.org
added 2018/03/13 12:0 a.m.153 views

FineCMS v5.2.0 SQL注入

在/finecms/dayrui/controllers/Api.php第45行: template-cron = 0; $GET'page' = max1, int$this-input-get'page'; $params = drstring2arrayurldecode$this-input-get'params'; $params'get' = @jsondecodeurldecode$this-input-get'get', TRUE; $this-template-assign$params; $name = strreplacearray'\', '/', '..',...

0.3AI score
Exploits0
CNVD
CNVD
added 2018/03/05 12:0 a.m.2 views

Stored cross-site scripting vulnerability in FineCMS core\M_Controller.php file

FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. A stored cross-site scripting vulnerability exists in the FineCMS core\MController.php file. The vulnerability is due to the default situation in the FineCMS message board does not handle the input...

6.2AI score
Exploits0
CNVD
CNVD
added 2018/03/02 12:0 a.m.3 views

Remote Command Execution Vulnerability in Finecms V5.3.0 Backend

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A remote command execution vulnerability exists in the backend of Finecms V5.3.0, which can be exploited by an attacker to write Trojan scripts to gain control of the server...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/02/28 12:0 a.m.1 views

Code Execution Vulnerability in FineCMS

finecms is a content management system CMS developed using MVC architecture and PDO database interface. A code execution vulnerability exists in the FineCMS finecms\finecms\dayrui\libraries\Dconfig.php file, which originates from an improperly written configuration file and can be exploited by an...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/02/28 12:0 a.m.1 views

XSS Vulnerability in FineCMS Version 5.3.0

FineCMS Free, Enterprise, Public Benefit is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. An XSS vulnerability exists in FineCMS version 5.3.0, which stems from insufficient filtering of received parameters, and can be exploited by remot...

6.5AI score
Exploits0References1
CNVD
CNVD
added 2018/02/28 12:0 a.m.0 views

Command Execution Vulnerability in FineCMS Version 5.3.0 Site.php File

FineCMS Free, Enterprise, Public Benefit is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A command execution vulnerability exists in the Site.php file of FineCMS version 5.3.0. The vulnerability is due to insufficient filtering of...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/02/26 12:0 a.m.6 views

FineCms Cross-Site Scripting Vulnerability (CNVD-2018-06305)

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A cross-site scripting vulnerability exists in controllers/admin/Linkage.php in dayrui FineCms version 5.3.0. The vulnerability is caused due to an xssclean protection mechanism th...

6.1CVSS6.2AI score0.0085EPSS
Exploits0References1
NVD
NVD
added 2018/02/25 7:29 p.m.26 views

CVE-2018-7476

controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...

6.1CVSS6AI score0.0085EPSS
Exploits0References2
OSV
OSV
added 2018/02/25 7:29 p.m.4 views

CVE-2018-7476

controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...

6.1CVSS5.8AI score0.0085EPSS
Exploits0References2
Prion
Prion
added 2018/02/25 7:29 p.m.16 views

Cross site scripting

controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...

4.3CVSS6AI score0.0085EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder