Vulnerabilities > Finecms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-24 | CVE-2017-11582 | SQL Injection vulnerability in Finecms 1.9.5/5.0.9 dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. | 9.8 |
2017-07-24 | CVE-2017-11581 | Cross-site Scripting vulnerability in Finecms 5.0.9 dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character. | 6.1 |