Vulnerabilities > Fiyo > Fiyo CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-17 | CVE-2020-35373 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.6.1 In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | 6.1 |
| 2017-12-04 | CVE-2017-17103 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. | 6.5 |
| 2017-12-04 | CVE-2017-17102 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | 5.0 |
| 2017-10-16 | CVE-2014-9147 | Information Exposure vulnerability in Fiyo CMS Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | 5.0 |
| 2017-08-30 | CVE-2017-13778 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | 4.3 |
| 2017-07-26 | CVE-2017-11630 | Path Traversal vulnerability in Fiyo CMS 2.0.7 dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | 5.0 |
| 2017-05-09 | CVE-2017-8853 | Path Traversal vulnerability in Fiyo CMS 2.0.7 Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | 6.4 |
| 2017-03-12 | CVE-2017-6823 | Authentication Bypass by Capture-replay vulnerability in Fiyo CMS 2.0.6.1 Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | 6.5 |
| 2015-04-14 | CVE-2014-9146 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.1.8 Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php. | 4.3 |
| 2014-06-11 | CVE-2014-4032 | Cross-Site Scripting vulnerability in Fiyo CMS 1.5.7 Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. | 4.3 |