Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fiyo_cms
(Fiyo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-17 | CVE-2020-35373 | In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | Fiyo_cms | 6.1 | ||
| 2018-10-21 | CVE-2018-18545 | Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | Fiyo_cms | N/A | ||
| 2017-03-12 | CVE-2017-6823 | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | Fiyo_cms | 8.8 | ||
| 2017-05-09 | CVE-2017-8853 | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | Fiyo_cms | 7.5 | ||
| 2017-04-10 | CVE-2017-7625 | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | Fiyo_cms | 9.8 | ||
| 2017-12-04 | CVE-2017-17104 | Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | Fiyo_cms | 7.5 |