CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:finecms:finecms:5.2.0:*:*:*:*:*:*:*

Information

Published : 2017-11-21 05:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-16920

Mitre link : CVE-2017-16920


JSON object : View

Advertisement

dedicated server usa

Products Affected

finecms

  • finecms