5 matches found
SUSE CVE-2017-11354
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/apparticle/sysarticle.php via the name parameter in editing or adding a tag name...
CVE-2018-18545
Fiyo CMS 2.0.7 has XSS via the dapur\apps\appuser\edituser.php name parameter...
Arbitrary file deletion
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $_GET['src'] or $_GET['name']...
CVE-2017-11418
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/articlelist.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol'.$i]...
Fiyo CMS Arbitrary File Upload Vulnerability
Fiyo CMS is a content management system (CMS) for creating CMS templates. A security vulnerability exists in Fiyo CMS versions 2.x through 2.0.7. The vulnerability can be exploited by an attacker to execute code by sending the 'content' parameter to the file /dapur/apps/apptheme/libs/savefile.php...