In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked.
                
            References
                    | Link | Resource | 
|---|---|
| http://www.yuesec.com/img/cccccve/finecms_writefile/finecmswritefile_2017_07_011_subm1t.html | Exploit Third Party Advisory | 
| http://www.yuesec.com/img/cccccve/finecms_writefile/finecmswritefile_2017_07_011_subm1t.html | Exploit Third Party Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2017-07-12 00:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-11178
Mitre link : CVE-2017-11178
CVE.ORG link : CVE-2017-11178
JSON object : View
Products Affected
                finecms_project
- finecms
CWE
                
                    
                        
                        CWE-345
                        
            Insufficient Verification of Data Authenticity
