Remote PHP Code Execution in dayrui FineCms 5.0.9 via Eval Injection in libraries/Template.php

Remote PHP Code Execution in dayrui FineCms 5.0.9 via Eval Injection in libraries/Template.php

CVE-2017-11585 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.

Learn more about our Cms Pen Testing.