21 matches found
Design/Logic Flaw
Fiyo CMS 2.0.7 has XSS via the dapur\apps\appuser\edituser.php name parameter...
CVE-2018-18545
Fiyo CMS 2.0.7 has XSS via the dapur\apps\appuser\edituser.php name parameter...
CVE-2017-17103
Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...
Sql injection
Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...
Arbitrary file deletion
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $GET'src' or $GET'name'...
Sql injection
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $REQUEST'link'...
CVE-2017-17102
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $REQUEST'link'...
CVE-2017-17103
Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...
CVE-2017-13778
Fiyo CMS 2.0.7 has XSS in dapur\apps\appconfig\sysconfig.php via the sitename parameter...
CVE-2017-13778
Fiyo CMS 2.0.7 has XSS in dapur\apps\appconfig\sysconfig.php via the sitename parameter...
Directory traversal
dapur\apps\appconfig\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853...
CVE-2017-11630
dapur\apps\appconfig\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853...
Sql injection
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/appcomment/controller/commentstatus.php via $GET'id'...
Sql injection
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/commentstatus.php via $GET'id'...
CVE-2017-11419
Fiyo CMS 2.0.7 has SQL injection in /apps/apparticle/controller/editor.php via $POST'id' and $POST'arttitle'...
CVE-2017-11417
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/articlestatus.php via $GET'id'...
CVE-2017-11416
Fiyo CMS 2.0.7 has SQL injection in /apps/appcomment/controller/insert.php via the name parameter...
CVE-2017-11413
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/commentstatus.php via $GET'id'...
Sql injection
Fiyo CMS 2.0.7 has SQL injection in /apps/apparticle/controller/editor.php via $POST'id' and $POST'arttitle'...
CVE-2017-11416
Fiyo CMS 2.0.7 has SQL injection in /apps/appcomment/controller/insert.php via the name parameter...