CVE-2017-7625
CVE-2017-7625 affects Fiyo CMS 2.x up to 2.0.7. An attacker can upload a webshell by sending the content parameter to /dapur/apps/app_theme/libs/save_file.php, enabling remote code execution. Multiple sources corroborate the same description (NVD, CNVD, CVE lists). The exact root cause is imprope...