CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-11582

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile5.61th
Published2017年7月24日
Last Modified2026年5月13日

Vulnerability Description

dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.

Affected Platforms (CPE)

📦
Finecms

Finecms

<= 5.0.9

References & Advisories

🔗 http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-after-limit-via-system-num-parameter
🔗 http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-after-limit-via-system-num-parameter

関連する脆弱性情報

CVE-2017-115849.8

dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related ...

CVE-2017-109689.8

In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after...

CVE-2017-115839.8

dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.

CVE-2017-115859.8

dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, a...