CVE-2017-11167

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1700%

EPSS Percentile26.72th

PublishedJul 12, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.

Affected Platforms (CPE)

📦

Finecms Project

Finecms

= 2.1.0

References & Advisories

🔗 http://www.03sec.com/3169.shtml

Related Vulnerabilities

CVE-2017-115829.8

dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...

CVE-2017-109689.8

In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after...

CVE-2017-115839.8

dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.

CVE-2017-115849.8

dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related ...