CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-10973

In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.5%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

https://github.com/andrzuk/FineCMS/pull/10
https://github.com/andrzuk/FineCMS/pull/11
https://github.com/andrzuk/FineCMS/pull/10
https://github.com/andrzuk/FineCMS/pull/11

Products affected by CVE-2017-10973

Finecms Project » Finecms » Version: N/A

cpe:2.3:a:finecms_project:finecms:-
Finecms Project » Finecms » Version: 2.1.0

cpe:2.3:a:finecms_project:finecms:2.1.0
Finecms Project » Finecms » Version: 2017-02-10

cpe:2.3:a:finecms_project:finecms:2017-02-10
Finecms Project » Finecms » Version: 2017-05-12

cpe:2.3:a:finecms_project:finecms:2017-05-12
Finecms Project » Finecms » Version: 5.0.10

cpe:2.3:a:finecms_project:finecms:5.0.10
Finecms Project » Finecms » Version: 5.0.11

cpe:2.3:a:finecms_project:finecms:5.0.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-10973

Products

Pricing

Contact Us