edit-icon download-icon

[Vulnerability notice] CNVD-2017-11821: Code execution vulnerability in FineCMS foreground tx parameters

Last Updated: Apr 08, 2018

On July 31, 2017, CNVD issued a security notice about a FineCMS vulnerability. The FineCMS 5.0.7 front-end tx parameters contain a code execution vulnerability. The vulnerability allows a remote attacker to run arbitrary code without logon and obtain server permissions, resulting in a high security risk.

See the following for more information about the vulnerability.


CVE identifier

CNVD-2017-11821

Vulnerability name

Code execution vulnerability in FineCMS foreground tx parameters

Vulnerability rating

High

Vulnerability description

The FineCMS 5.0.7 front-end tx parameters contain a code execution vulnerability, which allows a remote attacker to run arbitrary code without logon.

Condition and method of exploitation

Remote exploitation

Affected scope

FineCMS 5.0.7

Vulnerability detection

Check whether the FineCMS version is 5.0.7.

How to fix or mitigate

Upgrade FineCMS to the latest official version.

Thank you! We've received your feedback.