Fiyo Cms Security Vulnerabilities and Issues — Fiyo Cms CVE List

Lucene search

FiyoFiyo Cms

6 matches found

CVE•added 2017/10/16 3:29 p.m.•52 views

CVE-2014-9147

Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.

7.5CVSS7.6AI score0.17919EPSS

CVE•added 2015/04/14 2:59 p.m.•48 views

CVE-2014-9145

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter ...

7.5CVSS10AI score0.01016EPSS

CVE•added 2017/12/04 8:29 a.m.•38 views

CVE-2017-17102

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].

7.5CVSS8AI score0.00233EPSS

CVE•added 2017/12/04 8:29 a.m.•37 views

CVE-2017-17104

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].

7.8CVSS7.5AI score0.00435EPSS

CVE•added 2017/07/26 8:29 a.m.•35 views

CVE-2017-11630

dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.

7.5CVSS7.5AI score0.00784EPSS

CVE•added 2017/05/09 4:29 p.m.•35 views

CVE-2017-8853

Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.

7.5CVSS7.5AI score0.00588EPSS