Product: Fiyo_cms (Fiyo)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 26
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-17 | CVE-2020-35373 | In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | Fiyo_cms | 6.1 | | |
| 2018-10-21 | CVE-2018-18545 | Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | Fiyo_cms | N/A | | |
| 2017-03-12 | CVE-2017-6823 | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | Fiyo_cms | 8.8 | | |
| 2017-05-09 | CVE-2017-8853 | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | Fiyo_cms | 7.5 | | |
| 2017-04-10 | CVE-2017-7625 | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | Fiyo_cms | 9.8 | | |
| 2017-12-04 | CVE-2017-17104 | Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | Fiyo_cms | 7.5 | | |
| 2017-12-04 | CVE-2017-17103 | Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | Fiyo_cms | 8.8 | | |
| 2017-12-04 | CVE-2017-17102 | Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | Fiyo_cms | 7.5 | | |
| 2017-08-30 | CVE-2017-13778 | Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | Fiyo_cms | 6.1 | | |
| 2017-07-26 | CVE-2017-11631 | dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. | Fiyo_cms | 9.8 | | |