Skip to main content
CVE-2017-11420 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

Buffer Overflow RCE Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +25
NVD
CVSS 3.0
9.8
EPSS
17.7%
Threat
4.0
CVE-2017-11419 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11418 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11417 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11416 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11415 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11414 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11413 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11412 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy