CVE-2017-10968

Name of the Vulnerable Software and Affected Versions FineCMS through 2017-07-07

Description The issue allows remote PHP code execution. This can be achieved by placing the code after "<?php" in a route=template request, specifically in the application/core/controller/template.php file.

Recommendations For FineCMS versions through 2017-07-07, consider restricting access to the template.php file in the application/core/controller directory to minimize the risk of exploitation. As a temporary workaround, avoid using the route=template request until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.