Fiyo: >> Fiyo Cms >> 2.0 Security Vulnerabilities
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
CVSS Score
7.5
EPSS Score
0.179
Published
2017-10-16
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
CVSS Score
9.8
EPSS Score
0.242
Published
2017-10-16
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-04-10