CVE-2017-11584

Name of the Vulnerable Software and Affected Versions FineCms version 5.0.9

Description The issue concerns a SQL Injection flaw. It can be exploited via the field parameter in requests to "libraries/Template.php" with specific actions such as "module", "member", "form", or "related".

Recommendations For FineCms version 5.0.9, avoid using the field parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "libraries/Template.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.