CyberSec.Space Logo
Back to CVE Browser

CVE-2017-11585

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile7.23th
PublishedJul 24, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.

Affected Platforms (CPE)

📦
Finecms

Finecms

= 5.0.9

References & Advisories

🔗 http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#remote-php-code-execution
🔗 http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#remote-php-code-execution

Related Vulnerabilities

CVE-2017-115829.8

dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...

CVE-2017-109689.8

In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after...

CVE-2017-115839.8

dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.

CVE-2017-115849.8

dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related ...