PT-2017-11819 · Finecms · Finecms
Lorexxar
·
Publicado
2017-07-13
·
Atualizado
2017-07-16
·
CVE-2017-11201
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
FineCMS through 2017-07-12
Description
The issue allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action in the application/core/controller/images.php file.
Recommendations
For FineCMS through 2017-07-12, consider restricting image upload capabilities for authenticated admins until a fix is available. As a temporary workaround, avoid using the image upload feature via the route=images action to minimize the risk of exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Finecms