CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-11584

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0240%
EPSS Percentile44.22th
Published2017年7月24日
Last Modified2026年5月13日

Vulnerability Description

dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.

Affected Platforms (CPE)

📦
Finecms

Finecms

<= 5.0.9

References & Advisories

🔗 http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-via-system-field-parameter
🔗 http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-via-system-field-parameter

関連する脆弱性情報

CVE-2017-115829.8

dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...

CVE-2017-109689.8

In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after...

CVE-2017-115839.8

dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.

CVE-2017-115859.8

dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, a...