FineCms controllers/member/Api.php file SQL injection vulnerability
FineCms is a content management system (CMS) developed using an MVC architecture and a PDO database interface. A SQL injection vulnerability exists in the controllers/member/Api.php file in FineCms version 5.2.0, which stems from the program failing to perform effective filtering. A remote attacker can...
CVE-2017-16920
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...