Finecms: >> Finecms >> 5.0.9 Security Vulnerabilities
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-07-26
dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-24
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-07-24
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-07-24
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-07-24
dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.
CVSS Score
9.8
EPSS Score
0.011
Published
2017-07-24
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
CVSS Score
6.1
EPSS Score
0.066
Published
2017-07-24