PT-2017-11791 · Finecms · Finecms

Published: 2017-07-12 · Updated: 2017-07-14 · CVE-2017-11167

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FineCMS version 2.1.0

Description: The issue allows remote attackers to execute arbitrary PHP code by using the URL Manager "Add Site" action and entering the code after a ' sequence in a domain name. A phpinfo() input value demonstrates this capability.

Recommendations: For FineCMS version 2.1.0, update to a version that fixes this issue to prevent remote attackers from executing arbitrary PHP code. As a temporary workaround, consider restricting access to the URL Manager "Add Site" action to minimize the risk of exploitation.

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2017-11167

Affected Products

Finecms