Note: This project will be discontinued after December 13, 2021.
Product: Fiyo_cms (Fiyo)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 26 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-06-17 | CVE-2020-35373 | In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | Fiyo_cms | 6.1 | ||
2018-10-21 | CVE-2018-18545 | Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | Fiyo_cms | N/A | ||
2017-03-12 | CVE-2017-6823 | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | Fiyo_cms | 8.8 | ||
2017-05-09 | CVE-2017-8853 | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | Fiyo_cms | 7.5 | ||
2017-04-10 | CVE-2017-7625 | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | Fiyo_cms | 9.8 | ||
2017-12-04 | CVE-2017-17104 | Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | Fiyo_cms | 7.5 | ||
2017-12-04 | CVE-2017-17103 | Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | Fiyo_cms | 8.8 | ||
2017-12-04 | CVE-2017-17102 | Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | Fiyo_cms | 7.5 | ||
2017-08-30 | CVE-2017-13778 | Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | Fiyo_cms | 6.1 | ||
2017-07-26 | CVE-2017-11631 | dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. | Fiyo_cms | 9.8 | ||