Arbitrary PHP Code Execution in FineCMS 2.1.0 via URL Manager Add Site Action

Arbitrary PHP Code Execution in FineCMS 2.1.0 via URL Manager Add Site Action

CVE-2017-11167 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.

Learn more about our Cms Pen Testing.