CVE-2017-10968

In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt