mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-10 11:57:37 +02:00
0xMarcio
876 B
876 B
CVE-2017-11584
Description
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.
POC
Reference
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-via-system-field-parameter
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-via-system-field-parameter