In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
References
Link | Resource |
---|---|
http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html | Exploit Mitigation Third Party Advisory |
Configurations
Information
Published : 2017-07-07 04:29
Updated : 2017-07-17 09:44
NVD link : CVE-2017-10968
Mitre link : CVE-2017-10968
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
finecms_project
- finecms