Vulnerabilities > Fiyo > Fiyo CMS > 2.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-21 | CVE-2018-18545 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | 6.1 |
| 2017-12-04 | CVE-2017-17104 | Information Exposure vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | 7.5 |
| 2017-12-04 | CVE-2017-17103 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. | 8.8 |
| 2017-12-04 | CVE-2017-17102 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | 7.5 |
| 2017-08-30 | CVE-2017-13778 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | 6.1 |
| 2017-07-26 | CVE-2017-11631 | SQL Injection vulnerability in Fiyo CMS 2.0.7 dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. | 9.8 |
| 2017-07-26 | CVE-2017-11630 | Path Traversal vulnerability in Fiyo CMS 2.0.7 dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | 7.5 |
| 2017-07-18 | CVE-2017-11419 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. | 9.8 |
| 2017-07-18 | CVE-2017-11418 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. | 9.8 |
| 2017-07-18 | CVE-2017-11417 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | 9.8 |