Skip to main content

Fiyo Cms

25 CVEs product

Monthly

CVE-2018-18545 MEDIUM POC This Month

Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Fiyo Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2017-17104 HIGH POC This Week

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Fiyo Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-17103 HIGH POC This Week

Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-17102 HIGH POC This Week

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-3934 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fiyo Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.3%
CVE-2014-9148 CRITICAL POC THREAT Emergency

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.2%.

Authentication Bypass Fiyo Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.2%
Threat
4.2
CVE-2014-9147 HIGH POC THREAT Act Now

Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Fiyo Cms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.9%
CVE-2017-13778 MEDIUM PATCH This Month

Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fiyo Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11631 CRITICAL PATCH Act Now

dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11630 HIGH PATCH This Week

dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Fiyo Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-11419 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11418 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11417 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11416 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11415 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11414 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11413 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11412 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11354 CRITICAL PATCH Act Now

Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8853 HIGH PATCH This Week

Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Fiyo Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-7625 CRITICAL POC Act Now

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-6823 HIGH POC This Week

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fiyo Cms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.8%
CVE-2014-9146 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Fiyo Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9145 HIGH POC This Week

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fiyo Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-4032 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Fiyo Cms
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Fiyo Cms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fiyo Cms
NVD Exploit-DB
EPSS 24% 4.2 CVSS 9.8
CRITICAL POC THREAT Emergency

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.2%.

Authentication Bypass Fiyo Cms
NVD Exploit-DB
EPSS 18% CVSS 7.5
HIGH POC THREAT Act Now

Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Fiyo Cms
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Fiyo Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP +1
NVD GitHub
EPSS 7% CVSS 8.8
HIGH POC This Week

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fiyo Cms
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Fiyo Cms
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fiyo Cms
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Fiyo Cms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy