Vulnerabilities > Fiyo > Fiyo CMS > 2.0.7

DATE CVE VULNERABILITY TITLE RISK
2017-12-04 CVE-2017-17104 Information Exposure vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].
network
low complexity
fiyo CWE-200
7.8
7.8
2017-12-04 CVE-2017-17103 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email].
network
low complexity
fiyo CWE-89
6.5
6.5
2017-12-04 CVE-2017-17102 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].
network
low complexity
fiyo CWE-89
5.0
5.0
2017-08-30 CVE-2017-13778 Cross-site Scripting vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
network
fiyo CWE-79
4.3
4.3
2017-07-26 CVE-2017-11631 SQL Injection vulnerability in Fiyo CMS 2.0.7
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
network
low complexity
fiyo CWE-89
7.5
7.5
2017-07-26 CVE-2017-11630 Path Traversal vulnerability in Fiyo CMS 2.0.7
dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.
network
low complexity
fiyo CWE-22
5.0
5.0
2017-07-18 CVE-2017-11419 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].
network
low complexity
fiyo CWE-89
7.5
7.5
2017-07-18 CVE-2017-11418 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].
network
low complexity
fiyo CWE-89
7.5
7.5
2017-07-18 CVE-2017-11417 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id'].
network
low complexity
fiyo CWE-89
7.5
7.5
2017-07-18 CVE-2017-11416 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.
network
low complexity
fiyo CWE-89
7.5
7.5