Vulnerabilities > Fiyo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-09 | CVE-2017-8853 | Path Traversal vulnerability in Fiyo CMS 2.0.7 Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | 7.5 |
| 2017-04-10 | CVE-2017-7625 | Code Injection vulnerability in Fiyo CMS In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | 9.8 |
| 2017-03-12 | CVE-2017-6823 | Authentication Bypass by Capture-replay vulnerability in Fiyo CMS 2.0.6.1 Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | 8.8 |