Vulnerabilities > Fiyo > Fiyo CMS > 1.5.7

DATE CVE VULNERABILITY TITLE RISK
2017-10-16 CVE-2014-9148 Improper Access Control vulnerability in Fiyo CMS
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
network
low complexity
fiyo CWE-284
7.5
7.5
2017-10-16 CVE-2014-9147 Information Exposure vulnerability in Fiyo CMS
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
network
low complexity
fiyo CWE-200
5.0
5.0
2014-06-11 CVE-2014-4032 Cross-Site Scripting vulnerability in Fiyo CMS 1.5.7
Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.
network
fiyo CWE-79
4.3
4.3