CVE-2017-11582

Name of the Vulnerable Software and Affected Versions FineCms version 5.0.9

Description The issue concerns a SQL Injection flaw. It can be exploited via the num parameter in requests to "libraries/Template.php" with either "action=related" or "action=tags".

Recommendations For FineCms version 5.0.9, avoid using the num parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "libraries/Template.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.