CVE-2017-11167

FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager “Add Site” action to enter this code after a ‘, sequence in a domain name, as demonstrated by the ‘,phpinfo() input value.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 788,158 bad guys.