Finecms Project - Finecms CVE

Filtered by vendor Finecms Project Subscribe

Filtered by product Finecms

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-11178	1 Finecms Project	1 Finecms	2019-10-03	5.0 MEDIUM	7.5 HIGH
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked.
CVE-2017-11200	1 Finecms Project	1 Finecms	2017-07-16	6.5 MEDIUM	8.8 HIGH
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.

Vulnerabilities (CVE)