Lucene search
K

21 matches found

Prion
Prion
added 2018/10/21 1:29 a.m.17 views

Design/Logic Flaw

Fiyo CMS 2.0.7 has XSS via the dapur\apps\appuser\edituser.php name parameter...

4.3CVSS6AI score0.00809EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/21 1:0 a.m.20 views

CVE-2018-18545

Fiyo CMS 2.0.7 has XSS via the dapur\apps\appuser\edituser.php name parameter...

6.1AI score0.00809EPSS
Exploits1References1
NVD
NVD
added 2017/12/04 8:29 a.m.15 views

CVE-2017-17103

Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...

8.8CVSS9.2AI score0.01181EPSS
Exploits1References1
Prion
Prion
added 2017/12/04 8:29 a.m.20 views

Sql injection

Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...

6.5CVSS9.1AI score0.01181EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2017/12/04 8:29 a.m.14 views

Arbitrary file deletion

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $GET'src' or $GET'name'...

7.8CVSS7.5AI score0.01705EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2017/12/04 8:29 a.m.14 views

Sql injection

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $REQUEST'link'...

5CVSS8AI score0.01084EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/12/04 8:0 a.m.24 views

CVE-2017-17102

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $REQUEST'link'...

8AI score0.01084EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/12/04 8:0 a.m.18 views

CVE-2017-17103

Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...

9.2AI score0.01181EPSS
Exploits1References1
NVD
NVD
added 2017/08/30 9:29 a.m.19 views

CVE-2017-13778

Fiyo CMS 2.0.7 has XSS in dapur\apps\appconfig\sysconfig.php via the sitename parameter...

6.1CVSS6AI score0.00602EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/08/30 9:0 a.m.19 views

CVE-2017-13778

Fiyo CMS 2.0.7 has XSS in dapur\apps\appconfig\sysconfig.php via the sitename parameter...

6.1AI score0.00602EPSS
Exploits0References1
Prion
Prion
added 2017/07/26 8:29 a.m.13 views

Directory traversal

dapur\apps\appconfig\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853...

5CVSS7.6AI score0.01773EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/07/26 8:0 a.m.22 views

CVE-2017-11630

dapur\apps\appconfig\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853...

7.5AI score0.01773EPSS
Exploits0References1
Prion
Prion
added 2017/07/18 5:29 a.m.17 views

Sql injection

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/appcomment/controller/commentstatus.php via $GET'id'...

7.5CVSS9.8AI score0.00986EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/07/18 5:29 a.m.16 views

Sql injection

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/commentstatus.php via $GET'id'...

7.5CVSS9.8AI score0.01022EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/07/18 5:29 a.m.22 views

CVE-2017-11419

Fiyo CMS 2.0.7 has SQL injection in /apps/apparticle/controller/editor.php via $POST'id' and $POST'arttitle'...

9.8CVSS9.9AI score0.00986EPSS
Exploits0References1
NVD
NVD
added 2017/07/18 5:29 a.m.15 views

CVE-2017-11417

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/articlestatus.php via $GET'id'...

9.8CVSS9.9AI score0.01022EPSS
Exploits0References1
NVD
NVD
added 2017/07/18 5:29 a.m.14 views

CVE-2017-11416

Fiyo CMS 2.0.7 has SQL injection in /apps/appcomment/controller/insert.php via the name parameter...

9.8CVSS9.9AI score0.00986EPSS
Exploits0References1
NVD
NVD
added 2017/07/18 5:29 a.m.15 views

CVE-2017-11413

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/commentstatus.php via $GET'id'...

9.8CVSS9.9AI score0.01022EPSS
Exploits0References1
Prion
Prion
added 2017/07/18 5:29 a.m.14 views

Sql injection

Fiyo CMS 2.0.7 has SQL injection in /apps/apparticle/controller/editor.php via $POST'id' and $POST'arttitle'...

7.5CVSS9.8AI score0.00986EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/07/18 5:0 a.m.23 views

CVE-2017-11416

Fiyo CMS 2.0.7 has SQL injection in /apps/appcomment/controller/insert.php via the name parameter...

9.9AI score0.00986EPSS
Exploits0References1
Rows per page
Query Builder