Show filters
33 Total Results
Displaying 1-10 of 33
Sort by:
Attacker Value
Unknown

CVE-2018-18191

Disclosure Date: October 09, 2018 (last updated November 27, 2024)
Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password.
0
0
Attacker Value
Unknown

CVE-2018-7476

Disclosure Date: February 25, 2018 (last updated February 15, 2024)
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.
0
0
Attacker Value
Unknown

CVE-2018-6893

Disclosure Date: February 12, 2018 (last updated November 26, 2024)
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.
0
0
Attacker Value
Unknown

CVE-2017-1000429

Disclosure Date: January 09, 2018 (last updated November 26, 2024)
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.
0
0
Attacker Value
Unknown

CVE-2017-16920

Disclosure Date: November 21, 2017 (last updated November 26, 2024)
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php.
0
0
Attacker Value
Unknown

CVE-2017-16866

Disclosure Date: November 16, 2017 (last updated November 26, 2024)
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
0
0
Attacker Value
Unknown

CVE-2017-14194

Disclosure Date: September 07, 2017 (last updated November 26, 2024)
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
0
0
Attacker Value
Unknown

CVE-2017-14193

Disclosure Date: September 07, 2017 (last updated November 26, 2024)
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
0
0
Attacker Value
Unknown

CVE-2017-14192

Disclosure Date: September 07, 2017 (last updated November 26, 2024)
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
0
0
Attacker Value
Unknown

CVE-2017-14195

Disclosure Date: September 07, 2017 (last updated November 26, 2024)
The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.
0
0
View More Topics  Next >