Vulnerabilities > Finecms

DATE CVE VULNERABILITY TITLE RISK
2017-07-24 CVE-2017-11582 SQL Injection vulnerability in Finecms 1.9.5
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
network
low complexity
finecms CWE-89
7.5
2017-07-24 CVE-2017-11581 Cross-site Scripting vulnerability in Finecms 5.0.9
dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.
network
finecms CWE-79
4.3