332 matches found
CVE-2017-11179
FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...
CVE-2017-13697
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable...
CVE-2017-11178
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked...
CVE-2017-6511
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...
CVE-2017-1000429
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php...
CVE-2017-14192
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field...
CVE-2017-11180
FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in 1 the User-Agent header of an HTTP request or 2 the username entered on the login screen...
Command Execution Vulnerability in FineCMS
FineCMS is a content management system based on PHP+MySql. FineCMS has a command execution vulnerability that can be exploited by attackers to gain server privileges...
CVE-2018-18191
Cross-site request forgery CSRF vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password...
CVE-2018-18191
CVE-2018-18191 describes a Cross‑Site Request Forgery (CSRF) vulnerability in Dayrui FineCms 5.4, specifically in /admin.php?c=member&m=edit&uid=1, which allows remote attackers to change the administrator’s password. The connected documents confirm the affected product/version and the vulnerable...
FineCMS v5.2.0 SQL注入
在/finecms/dayrui/controllers/Api.php第45行: template-cron = 0; $GET'page' = max1, int$this-input-get'page'; $params = drstring2arrayurldecode$this-input-get'params'; $params'get' = @jsondecodeurldecode$this-input-get'get', TRUE; $this-template-assign$params; $name = strreplacearray'\', '/', '..',...
Stored cross-site scripting vulnerability in FineCMS core\M_Controller.php file
FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. A stored cross-site scripting vulnerability exists in the FineCMS core\MController.php file. The vulnerability is due to the default situation in the FineCMS message board does not handle the input...
Remote Command Execution Vulnerability in Finecms V5.3.0 Backend
FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A remote command execution vulnerability exists in the backend of Finecms V5.3.0, which can be exploited by an attacker to write Trojan scripts to gain control of the server...
Code Execution Vulnerability in FineCMS
finecms is a content management system CMS developed using MVC architecture and PDO database interface. A code execution vulnerability exists in the FineCMS finecms\finecms\dayrui\libraries\Dconfig.php file, which originates from an improperly written configuration file and can be exploited by an...
XSS Vulnerability in FineCMS Version 5.3.0
FineCMS Free, Enterprise, Public Benefit is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. An XSS vulnerability exists in FineCMS version 5.3.0, which stems from insufficient filtering of received parameters, and can be exploited by remot...
Command Execution Vulnerability in FineCMS Version 5.3.0 Site.php File
FineCMS Free, Enterprise, Public Benefit is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A command execution vulnerability exists in the Site.php file of FineCMS version 5.3.0. The vulnerability is due to insufficient filtering of...
FineCms Cross-Site Scripting Vulnerability (CNVD-2018-06305)
FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A cross-site scripting vulnerability exists in controllers/admin/Linkage.php in dayrui FineCms version 5.3.0. The vulnerability is caused due to an xssclean protection mechanism th...
CVE-2018-7476
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...
CVE-2018-7476
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...
Cross site scripting
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...