Vulnerabilities > Fiyo > Fiyo CMS > 2.0.1.6

DATE CVE VULNERABILITY TITLE RISK
2017-10-16 CVE-2014-9148 Improper Access Control vulnerability in Fiyo CMS
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
network
low complexity
fiyo CWE-284
7.5
7.5
2017-10-16 CVE-2014-9147 Information Exposure vulnerability in Fiyo CMS
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
network
low complexity
fiyo CWE-200
5.0
5.0
2017-04-10 CVE-2017-7625 Code Injection vulnerability in Fiyo CMS
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
network
low complexity
fiyo CWE-94
7.5
7.5