Vulnerabilities > Fiyo > Fiyo CMS > 2.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-18 | CVE-2017-11416 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | 9.8 |
| 2017-07-18 | CVE-2017-11415 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | 9.8 |
| 2017-07-18 | CVE-2017-11414 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | 9.8 |
| 2017-07-18 | CVE-2017-11413 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | 9.8 |
| 2017-07-18 | CVE-2017-11412 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | 9.8 |
| 2017-07-17 | CVE-2017-11354 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | 9.8 |
| 2017-05-09 | CVE-2017-8853 | Path Traversal vulnerability in Fiyo CMS 2.0.7 Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | 7.5 |
| 2017-04-10 | CVE-2017-7625 | Code Injection vulnerability in Fiyo CMS In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | 9.8 |