Fiyo Cms Security Vulnerabilities and Issues — Fiyo Cms CVE List

Lucene search

FiyoFiyo Cms

26 matches found

CVE•added 2017/10/16 3:29 p.m.•52 views

CVE-2014-9147

Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.

7.5CVSS7.6AI score0.17919EPSS

CVE•added 2017/10/16 3:29 p.m.•51 views

CVE-2014-9148

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.

9.8CVSS9.4AI score0.24232EPSS

CVE•added 2017/03/12 5:59 a.m.•50 views

CVE-2017-6823

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.

8.8CVSS8.4AI score0.06845EPSS

CVE•added 2017/07/18 5:29 a.m.•49 views

CVE-2017-11414

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id'].

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2015/04/14 2:59 p.m.•48 views

CVE-2014-9145

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter ...

7.5CVSS10AI score0.01016EPSS

CVE•added 2017/07/18 5:29 a.m.•47 views

CVE-2017-11418

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $GET['iSortCol '.$i].

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2015/04/14 2:59 p.m.•46 views

CVE-2014-9146

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.

4.3CVSS7.8AI score0.00434EPSS

CVE•added 2017/04/10 5:59 p.m.•46 views

CVE-2017-7625

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.

9.8CVSS9.4AI score0.0146EPSS

CVE•added 2017/07/17 1:18 p.m.•45 views

CVE-2017-11354

Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.

9.8CVSS9.7AI score0.00233EPSS

CVE•added 2017/11/21 3:29 p.m.•44 views

CVE-2015-3934

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.

9.8CVSS10AI score0.01345EPSS

CVE•added 2017/07/18 5:29 a.m.•44 views

CVE-2017-11416

Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2017/07/18 5:29 a.m.•43 views

CVE-2017-11417

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id'].

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2017/08/30 9:29 a.m.•42 views

CVE-2017-13778

Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.

6.1CVSS6AI score0.00223EPSS

CVE•added 2017/12/04 8:29 a.m.•42 views

CVE-2017-17103

Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.

8.8CVSS9.1AI score0.00216EPSS

CVE•added 2017/07/18 5:29 a.m.•40 views

CVE-2017-11413

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id'].

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2017/07/18 5:29 a.m.•40 views

CVE-2017-11415

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2017/07/18 5:29 a.m.•39 views

CVE-2017-11412

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id'].

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2021/06/17 4:15 p.m.•38 views

CVE-2020-35373

In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.

6.1CVSS6AI score0.00334EPSS

CVE•added 2017/12/04 8:29 a.m.•37 views

CVE-2017-17102

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].

7.5CVSS8AI score0.00233EPSS

CVE•added 2017/12/04 8:29 a.m.•37 views

CVE-2017-17104

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].

7.8CVSS7.5AI score0.00435EPSS

CVE•added 2017/07/18 5:29 a.m.•36 views

CVE-2017-11419

Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2017/07/26 8:29 a.m.•35 views

CVE-2017-11630

dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.

7.5CVSS7.5AI score0.00784EPSS

CVE•added 2017/07/26 8:29 a.m.•35 views

CVE-2017-11631

dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2017/05/09 4:29 p.m.•35 views

CVE-2017-8853

Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.

7.5CVSS7.5AI score0.00588EPSS

CVE•added 2018/10/21 1:29 a.m.•34 views

CVE-2018-18545

Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.

6.1CVSS5.9AI score0.00266EPSS

CVE•added 2014/06/11 2:55 p.m.•32 views

CVE-2014-4032

Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.

4.3CVSS5.8AI score0.00254EPSS