CVE-2017-10968

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0150%

EPSS Percentile42.83th

PublishedJul 7, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.

Affected Platforms (CPE)

📦

Finecms Project

Finecms

All versions

References & Advisories

🔗 http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html

Related Vulnerabilities

CVE-2017-115849.8

dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related ...

CVE-2017-115839.8

dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.

CVE-2017-115829.8

dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...

CVE-2017-115859.8

dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, a...