Arbitrary File Write Vulnerability in FineCMS through 2017-07-11

Arbitrary File Write Vulnerability in FineCMS through 2017-07-11

CVE-2017-11178 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked.

Learn more about our Cms Pen Testing.