CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11178

In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2017-11178

Finecms Project » Finecms » Version: N/A

cpe:2.3:a:finecms_project:finecms:-
Finecms Project » Finecms » Version: 2.1.0

cpe:2.3:a:finecms_project:finecms:2.1.0
Finecms Project » Finecms » Version: 2017-02-10

cpe:2.3:a:finecms_project:finecms:2017-02-10
Finecms Project » Finecms » Version: 2017-05-12

cpe:2.3:a:finecms_project:finecms:2017-05-12
Finecms Project » Finecms » Version: 5.0.10

cpe:2.3:a:finecms_project:finecms:5.0.10
Finecms Project » Finecms » Version: 5.0.11

cpe:2.3:a:finecms_project:finecms:5.0.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11178

Products

Pricing

Contact Us