Aggregates CVE and security vulnerability intelligence across all fangfa-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, with potential vendor impact data exposure across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-35442 | FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php. | [email protected] | 9.8 | 0.81% | 2021-06-02 | 2024-11-21 |
| CVE-2020-35441 | FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php. | [email protected] | 9.8 | 0.26% | 2021-06-02 | 2024-11-21 |
| CVE-2018-17048 | admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection. | [email protected] | 7.5 | 0.32% | 2019-05-16 | 2024-11-21 |