Vulnerabilities > Fiyo > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-07-18 CVE-2017-11412 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id'].
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-07-17 CVE-2017-11354 SQL Injection vulnerability in Fiyo CMS 2.0.7
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.
network
low complexity
fiyo CWE-89
critical
 9.8
9.8
2017-04-10 CVE-2017-7625 Code Injection vulnerability in Fiyo CMS
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
network
low complexity
fiyo CWE-94
critical
 9.8
9.8