CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7625

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/97571
https://github.com/Xyntax/POC-T/blob/2.0/script/fiyo2.0.7-getshell.py
http://www.securityfocus.com/bid/97571
https://github.com/Xyntax/POC-T/blob/2.0/script/fiyo2.0.7-getshell.py

Products affected by CVE-2017-7625

Fiyo » Fiyo Cms » Version: 2.0

cpe:2.3:a:fiyo:fiyo_cms:2.0
Fiyo » Fiyo Cms » Version: 2.0.1.6

cpe:2.3:a:fiyo:fiyo_cms:2.0.1.6
Fiyo » Fiyo Cms » Version: 2.0.1.8

cpe:2.3:a:fiyo:fiyo_cms:2.0.1.8
Fiyo » Fiyo Cms » Version: 2.0.2.1

cpe:2.3:a:fiyo:fiyo_cms:2.0.2.1
Fiyo » Fiyo Cms » Version: 2.0.6

cpe:2.3:a:fiyo:fiyo_cms:2.0.6
Fiyo » Fiyo Cms » Version: 2.0.7

cpe:2.3:a:fiyo:fiyo_cms:2.0.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7625

Products

Pricing

Contact Us