CVE-2017-11178
CVE-2017-11178 affects FineCMS up to 2017-07-11. The vulnerability is in application/core/controller/style.php where route=style accepts contents and filename parameters, enabling remote attackers to write to arbitrary files. Because file extensions are not checked, a PHP file could be overwritte...