CVE-2017-11200by Jeremyin Security Bulletinson Posted on July 13, 2017 SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.