11 matches found
CVE-2017-11584
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php...
CVE-2017-11586
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php...
Sql injection
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php...
Code injection
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php...
CVE-2017-11583
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php...
Sql injection
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php...
Cross site scripting
dayrui FineCms 5.0.9 has Cross Site Scripting XSS in admin/Login.php via a payload in the username field that does not begin with a '' character...
CVE-2017-11584
dayrui FineCms 5.0.9 is affected by an SQL Injection in the field parameter used in actions=module, action=member, action=form, or action=related, targeting libraries/Template.php. The vulnerability is described across multiple sources (NVD/CNVD/PRION/CVE lists) with no explicit public fix/versio...
CVE-2017-11586
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php...
CVE-2017-11581
dayrui FineCms 5.0.9 has Cross Site Scripting XSS in admin/Login.php via a payload in the username field that does not begin with a '' character...
CVE-2017-11583
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php...