PT-2017-11819 · Finecms · Finecms

Lorexxar

Published

2017-07-13

Updated

2017-07-16

CVE-2017-11201

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions FineCMS through 2017-07-12

Description The issue allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action in the application/core/controller/images.php file.

Recommendations For FineCMS through 2017-07-12, consider restricting image upload capabilities for authenticated admins until a fix is available. As a temporary workaround, avoid using the image upload feature via the route=images action to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-11201

Affected Products

Finecms

PT-2017-11819 · Finecms · Finecms

CVE-2017-11201

Weakness Enumeration

Related Identifiers

Affected Products

References · 2