Arbitrary PHP Code Execution in FineCMS 2.1.0 via URL Manager Add Site Action
CVE-2017-11167 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.
Learn more about our Cms Pen Testing.