Fiyo: >> Fiyo Cms >> 2.0.7 Security Vulnerabilities
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].
CVSS Score
9.8
EPSS Score
0.002
Published
2017-07-18
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-07-18
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id'].
CVSS Score
9.8
EPSS Score
0.002
Published
2017-07-18
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].
CVSS Score
9.8
EPSS Score
0.002
Published
2017-07-18
Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].
CVSS Score
9.8
EPSS Score
0.002
Published
2017-07-18
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-07-17
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-05-09
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-04-10
Page 2