Lucene search
K

332 matches found

CVE
CVE
added 2018/02/25 7:0 p.m.40 views

CVE-2018-7476

CVE-2018-7476 affects FineCms 5.3.0. A Cross Site Scripting (XSS) flaw exists in controllers/admin/Linkage.php reachable via id or lid in a c=linkage,m=import request to admin.php, where the xss_clean protection is bypassed by crafted input that omits ''. The vulnerability is documented across NV...

6.1CVSS6AI score0.0085EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/02/13 12:0 a.m.6 views

FineCms controllers/member/Api.php file SQL injection vulnerability

FineCms is a content management system CMS developed using MVC architecture and PDO database interface. A SQL injection vulnerability exists in the controllers/member/Api.php file in FineCms version 5.2.0, which stems from the program failing to perform effective filtering. A remote attacker can...

9.8CVSS8.2AI score0.02548EPSS
Exploits0References1
Prion
Prion
added 2018/02/12 2:29 p.m.16 views

Sql injection

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...

7.5CVSS9.5AI score0.02548EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/02/12 2:29 p.m.25 views

CVE-2018-6893

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...

9.8CVSS9.7AI score0.02548EPSS
Exploits0References1
OSV
OSV
added 2018/02/12 2:29 p.m.7 views

CVE-2018-6893

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...

9.8CVSS5.8AI score0.02548EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/02/12 2:0 p.m.25 views

CVE-2018-6893

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...

9.7AI score0.02548EPSS
Exploits0References1
CVE
CVE
added 2018/02/12 2:0 p.m.59 views

CVE-2018-6893

FineCms 5.2.0 is affected by an SQL injection in controllers/member/Api.php when handling requests with s=member,c=api,m=checktitle and a crafted module parameter, due to insufficient filtering. The issue enables arbitrary SQL execution via the vulnerable parameter, as reported in multiple source...

9.8CVSS9.5AI score0.02548EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/01/29 12:0 a.m.2 views

Code Execution Vulnerability in FineCMS Backend

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A code execution vulnerability exists in the backend of finecms. An attacker can modify the background html template while injecting arbitrary code, resulting in arbitrary code...

8.3AI score
Exploits0
CNVD
CNVD
added 2018/01/11 12:0 a.m.5 views

finecms Weixin.php file cross-site scripting vulnerability

finecms is a content management system CMS developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the Weixin.php file in finecms version 5.0.10. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.00829EPSS
Exploits1References1
OSV
OSV
added 2018/01/09 9:29 p.m.0 views

CVE-2017-1000429

rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2018/01/09 9:29 p.m.22 views

CVE-2017-1000429

rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php...

6.1CVSS6AI score0.00829EPSS
Exploits1References1
CVE
CVE
added 2018/01/09 9:0 p.m.50 views

CVE-2017-1000429

Summary: CVE-2017-1000429 affects the CMS finecms 5.0.10 via a reflected XSS in the file Weixin.php . The vulnerability stems from insecure handling of input that is reflected back in the response, enabling arbitrary script injection. Multiple connected records (NVD/NVD-derived entries and nation...

6.1CVSS5.9AI score0.00829EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/01/09 9:0 p.m.30 views

CVE-2017-1000429

rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php...

6AI score0.00829EPSS
Exploits1References1
CNVD
CNVD
added 2017/12/05 12:0 a.m.3 views

Reflected cross-site scripting vulnerability in FineCMS Security.php file

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A reflective cross-site scripting vulnerability exists in the FineCMS Security.php file. The vulnerability is due to insufficient checking and filtering of user-submitted request...

5.7AI score
Exploits0
CNVD
CNVD
added 2017/11/22 12:0 a.m.11 views

dayrui FineCms v5/config/system.php File Upload Vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. An upload vulnerability exists in the v5/config/system.php file in dayrui FineCms version 5.2.0, which is caused by the program...

9.8CVSS7.2AI score0.02141EPSS
Exploits0References1
OSV
OSV
added 2017/11/21 1:29 p.m.7 views

CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...

9.8CVSS5.9AI score0.02141EPSS
Exploits0References2
NVD
NVD
added 2017/11/21 1:29 p.m.18 views

CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...

9.8CVSS9.5AI score0.02141EPSS
Exploits0References2
Prion
Prion
added 2017/11/21 1:29 p.m.19 views

Design/Logic Flaw

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...

7.5CVSS9.3AI score0.02141EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/11/21 1:0 p.m.19 views

CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...

9.5AI score0.02141EPSS
Exploits0References2
CVE
CVE
added 2017/11/21 1:0 p.m.47 views

CVE-2017-16920

dayrui FineCms 5.2.0 is affected by CVE-2017-16920 due to a default SYS_KEY in v5/config/system.php that avoids key regeneration per installation. This allows remote attackers to upload arbitrary .php files through a member api swfupload action to index.php. The vulnerability description explicit...

9.8CVSS9.3AI score0.02141EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder