332 matches found
CVE-2018-7476
CVE-2018-7476 affects FineCms 5.3.0. A Cross Site Scripting (XSS) flaw exists in controllers/admin/Linkage.php reachable via id or lid in a c=linkage,m=import request to admin.php, where the xss_clean protection is bypassed by crafted input that omits ''. The vulnerability is documented across NV...
FineCms controllers/member/Api.php file SQL injection vulnerability
FineCms is a content management system CMS developed using MVC architecture and PDO database interface. A SQL injection vulnerability exists in the controllers/member/Api.php file in FineCms version 5.2.0, which stems from the program failing to perform effective filtering. A remote attacker can...
Sql injection
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...
CVE-2018-6893
FineCms 5.2.0 is affected by an SQL injection in controllers/member/Api.php when handling requests with s=member,c=api,m=checktitle and a crafted module parameter, due to insufficient filtering. The issue enables arbitrary SQL execution via the vulnerable parameter, as reported in multiple source...
Code Execution Vulnerability in FineCMS Backend
FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A code execution vulnerability exists in the backend of finecms. An attacker can modify the background html template while injecting arbitrary code, resulting in arbitrary code...
finecms Weixin.php file cross-site scripting vulnerability
finecms is a content management system CMS developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the Weixin.php file in finecms version 5.0.10. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2017-1000429
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php...
CVE-2017-1000429
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php...
CVE-2017-1000429
Summary: CVE-2017-1000429 affects the CMS finecms 5.0.10 via a reflected XSS in the file Weixin.php . The vulnerability stems from insecure handling of input that is reflected back in the response, enabling arbitrary script injection. Multiple connected records (NVD/NVD-derived entries and nation...
CVE-2017-1000429
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php...
Reflected cross-site scripting vulnerability in FineCMS Security.php file
FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A reflective cross-site scripting vulnerability exists in the FineCMS Security.php file. The vulnerability is due to insufficient checking and filtering of user-submitted request...
dayrui FineCms v5/config/system.php File Upload Vulnerability
dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. An upload vulnerability exists in the v5/config/system.php file in dayrui FineCms version 5.2.0, which is caused by the program...
CVE-2017-16920
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...
CVE-2017-16920
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...
Design/Logic Flaw
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...
CVE-2017-16920
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...
CVE-2017-16920
dayrui FineCms 5.2.0 is affected by CVE-2017-16920 due to a default SYS_KEY in v5/config/system.php that avoids key regeneration per installation. This allows remote attackers to upload arbitrary .php files through a member api swfupload action to index.php. The vulnerability description explicit...