Finecms Project / Finecms

21 matches found

CVE | added 2017/07/13 1:0 a.m. | 61 views

CVE-2017-11198

CVE-2017-11198 is an XSS vulnerability in FineCMS, affecting the file /application/lib/ajax/get_image.php. The issue allows remote attackers to inject arbitrary web script or HTML by manipulating the folder, id, or name parameters in FineCMS releases up to 2017-07-12. Impact is described as cross...

CVSS 6.1 | AI score 6 | EPSS 0.00785
Web

CVE | added 2017/09/07 5:0 p.m. | 57 views

CVE-2017-14195

The CVE-2017-14195 entry describes an XSS vulnerability in dayrui FineCms 5.0.11, specifically in the call_msg function of controllers/Form.php. The issue is triggered by the Referer HTTP header (noted for Internet Explorer) and is described across multiple sources as cross-site scripting, with p...

CVSS 6.1 | AI score 5.9 | EPSS 0.00635
Web

CVE | added 2017/09/07 5:0 p.m. | 55 views

CVE-2017-14193

The CVE-2017-14193 entry concerns dayrui FineCms 5.0.11, where the oauth function in controllers/member/api.php is vulnerable to cross-site scripting via the Referer HTTP header when accessed from Internet Explorer. This is the explicit vulnerable component and vector described in the connected d...

CVSS 6.1 | AI score 5.9 | EPSS 0.00635

CVE | added 2017/07/07 11:0 a.m. | 54 views

CVE-2017-10968

CVE-2017-10968 affects FineCMS versions up to 2017-07-07. The issue occurs in application/core/controller/template.php, where an attacker can achieve remote PHP code execution by placing code after the opening tag "

CVSS 9.8 | AI score 9.6 | EPSS 0.02173

CVE | added 2017/09/07 5:0 p.m. | 54 views

CVE-2017-14192

The CVE-2017-14192 entry concerns dayrui FineCms 5.0.11, where the checktitle function in controllers/member/api.php is vulnerable to cross-site scripting (XSS) related to the module field. The available connected sources confirm the affected project and file, but do not provide executable exploi...

CVSS 6.1 | AI score 5.9 | EPSS 0.00635
Web

CVE | added 2017/05/28 8:0 p.m. | 53 views

CVE-2017-9252

Vulnerability context: CVE-2017-9252 affects FineCMS up to 2017-05-28. It is a reflected Cross-Site Scripting (XSS) in the search page, exploitable via the text-search parameter to index.php with route=search. What’s affected: FineCMS’s search functionality (versions prior to or including 2017-05...

CVSS 6.1 | AI score 5.9 | EPSS 0.00632
Web

CVE | added 2017/07/12 12:0 a.m. | 52 views

CVE-2017-11179

CVE-2017-11179 affects FineCMS up to 2017-07-11. The vulnerability is a stored XSS in two routes: route=admin (modifying user information) and route=register (registering a user account). The documents do not provide root-cause specifics beyond the XSS description, nor do they include remediation...

CVSS 6.1 | AI score 5.9 | EPSS 0.00632

CVE | added 2017/07/13 1:0 a.m. | 52 views

CVE-2017-11201

The CVE-2017-11201 entry affects FineCMS, specifically the application/core/controller/images.php logic. The vulnerability allows XSS by uploading an image via route=images, exploited by remote authenticated admins. Affected versions are FineCMS up to 2017-07-12. The root cause is improper handli...

CVSS 5.4 | AI score 5 | EPSS 0.00614
Web

CVE | added 2017/09/07 5:0 p.m. | 52 views

CVE-2017-14194

The CVE-2017-14194 entry concerns dayrui FineCms version 5.0.11, where the out function in controllers/member/Login.php is reported to have an XSS vulnerability related to the Referer HTTP header in Internet Explorer. Multiple connected records (NVD, Red Hat, CNVD, CVE list mirrors, and regional ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00635
Web

CVE | added 2017/03/07 7:0 p.m. | 50 views

CVE-2017-6511

Affected software: andrzuk/FineCMS (versions before 2017-03-06). Vulnerability: reflected XSS in index.php due to missing validation of the action parameter in application/classes/application.php. Impact (as stated): allows reflected XSS, with no other impacts detailed in the provided documents. ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00732
Web

CVE | added 2018/01/09 9:0 p.m. | 49 views

CVE-2017-1000429

Summary: CVE-2017-1000429 affects the CMS finecms 5.0.10 via a reflected XSS in the file Weixin.php. The vulnerability stems from insecure handling of input that is reflected back in the response, enabling arbitrary script injection. Multiple connected records (NVD/NVD-derived entries and nation...

CVSS 6.1 | AI score 5.9 | EPSS 0.00829

CVE | added 2017/07/12 12:0 a.m. | 49 views

CVE-2017-11178

CVE-2017-11178 affects FineCMS up to 2017-07-11. The vulnerability is in application/core/controller/style.php where route=style accepts contents and filename parameters, enabling remote attackers to write to arbitrary files. Because file extensions are not checked, a PHP file could be overwritte...

CVSS 7.5 | AI score 7.5 | EPSS 0.00529
Web

CVE | added 2017/07/12 12:0 a.m. | 49 views

CVE-2017-11180

CVE-2017-11180 affects FineCMS up to 2017-07-11; the issue is a stored XSS in the logging functionality. The payloads demonstrated involve (1) the User-Agent header of HTTP requests and (2) the username entered on the login screen. The root cause is that log processing allows XSS content to be st...

CVSS 6.1 | AI score 5.9 | EPSS 0.00632

CVE | added 2017/08/25 5:0 p.m. | 48 views

CVE-2017-13697

CVE-2017-13697 affects Dayrui FineCMS 5.0.11 via an XSS flaw in controllers/member/api.php related to the dirname variable. The vulnerability allows injection of arbitrary scripts/HTML in contexts that reflect the input, enabling potential user‑level execution or social engineering. Exploitation ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00781
Web

CVE | added 2017/08/09 9:0 p.m. | 47 views

CVE-2017-12774

CVE-2017-12774 affects FineCMS 1.9.5, with a vulnerability in the file controllers/member/ContentController.php that allows remote attackers to manipulate the website database. Multiple connected sources describe an SQL injection risk in this controller, enabling unauthorized database operations....

CVSS 9.8 | AI score 9.3 | EPSS 0.01524

CVE | added 2017/05/28 8:0 p.m. | 47 views

CVE-2017-9251

FineCMS prior to 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter of admin.php. The vulnerability is confirmed across multiple sources; the root cause is unsanitized input reflected in the sitename field. Impact is XSS (arbitrary script/HTML execution) in affected pages. Expl...

CVSS 6.1 | AI score 5.9 | EPSS 0.00632
Web

CVE | added 2017/07/06 4:0 p.m. | 46 views

CVE-2017-10973

FineCMS before 2017-07-06 is affected by a server-side request forgery (SSRF) in application/lib/ajax/get_image_data.php, related to processing requests for non-image files with a modified HTTP Host header. Root cause appears to be improper handling of user-controlled Host header leading to unint...

CVSS 6.5 | AI score 6.4 | EPSS 0.00832

CVE | added 2017/07/12 1:0 p.m. | 46 views

CVE-2017-11167

CVE-2017-11167 affects FineCMS 2.1.0. The vulnerability allows remote attackers to execute arbitrary PHP code by abusing the URL Manager’s “Add Site” action: entering code after a ', sequence in a domain name, demonstrated with ',phpinfo()'. Connected CNVD/CNVD-2017-15550 and NVD entries corrobor...

CVSS 9.8 | AI score 9.6 | EPSS 0.01524

CVE | added 2017/07/13 1:0 a.m. | 46 views

CVE-2017-11202

CVE-2017-11202 refers to a FineCMS vulnerability up to 2017-07-12 where XSS is possible in visitors.php because JavaScript in visited URLs is not restricted during logging or when reading logs. This is described as a different vulnerability from CVE-2017-11180. Connected sources confirm broader X...

CVSS 6.1 | AI score 6 | EPSS 0.00669

CVE | added 2017/07/13 1:0 a.m. | 45 views

CVE-2017-11200

CVE-2017-11200 is a SQL injection vulnerability in FineCMS, present through 2017-07-12, exploitable via the visitor_ip parameter in application/core/controller/excludes.php. Public records (NVD and related CVE lists) indicate a high-severity impact (CVSS-3 base score 8.8) with network access, low...

CVSS 8.8 | AI score 9.1 | EPSS 0.00997
Web

CVE | added 2017/07/06 4:0 p.m. | 40 views

CVE-2017-10967

Affected software: FineCMS (before 2017-07-06). Vulnerable component: application/core/controller/config.php. Vulnerability type: Cross-site scripting (XSS). Affected parameters: key_name, key_value, and meaning. Root cause / details: The available descriptions indicate that FineCMS allows XSS vi...

CVSS 6.1 | AI score 6 | EPSS 0.00774