Lucene search

Fiyo Cms Security Vulnerabilities

cve

CVE-2020-35373

In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS...

6.1CVSS

6.6AI Score

0.001EPSS

2021-06-17 04:15 PM

cve

CVE-2018-18545

Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name...

6.1CVSS

5.9AI Score

0.001EPSS

2018-10-21 01:29 AM

cve

CVE-2017-17104

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or...

7.5CVSS

7.4AI Score

0.003EPSS

2017-12-04 08:29 AM

cve

CVE-2017-17102

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via...

7.5CVSS

8.6AI Score

0.002EPSS

2017-12-04 08:29 AM

cve

CVE-2017-17103

Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator...

8.8CVSS

8.7AI Score

0.001EPSS

2017-12-04 08:29 AM

cve

CVE-2015-3934

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to...

9.8CVSS

10AI Score

0.001EPSS

2017-11-21 03:29 PM

cve

CVE-2014-9147

Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in...

7.5CVSS

8.8AI Score

0.003EPSS

2017-10-16 03:29 PM

cve

CVE-2014-9148

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to...

9.8CVSS

9.4AI Score

0.004EPSS

2017-10-16 03:29 PM

cve

CVE-2017-13778

Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name...

6.1CVSS

6.5AI Score

0.001EPSS

2017-08-30 09:29 AM

cve

CVE-2017-11630

dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than...

7.5CVSS

7.6AI Score

0.002EPSS

2017-07-26 08:29 AM

cve

CVE-2017-11631

dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-26 08:29 AM

cve

CVE-2017-11416

Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-18 05:29 AM

cve

CVE-2017-11417

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-18 05:29 AM

cve

CVE-2017-11413

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-18 05:29 AM

cve

CVE-2017-11415

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-18 05:29 AM

cve

CVE-2017-11418

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $GET['cat'], $_GET['user'], $_GET['level'], and...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-18 05:29 AM

cve

CVE-2017-11412

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-18 05:29 AM

cve

CVE-2017-11414

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-18 05:29 AM

cve

CVE-2017-11419

Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-18 05:29 AM

cve

CVE-2017-11354

Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag...

9.8CVSS

8.6AI Score

0.001EPSS

2017-07-17 01:18 PM

cve

CVE-2017-8853

Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db...

7.5CVSS

7.6AI Score

0.001EPSS

2017-05-09 04:29 PM

cve

CVE-2017-7625

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute...

9.8CVSS

7.7AI Score

0.012EPSS

2017-04-10 05:59 PM

cve

CVE-2017-6823

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit...

8.8CVSS

8.4AI Score

0.014EPSS

2017-03-12 05:59 AM

cve

CVE-2014-9145

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter....

10AI Score

0.002EPSS

2015-04-14 02:59 PM

cve

CVE-2014-9146

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to...

8.1AI Score

0.001EPSS

2015-04-14 02:59 PM

cve

CVE-2014-4032

Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama...

5.9AI Score

0.002EPSS

2014-06-11 02:55 PM