Vulnerabilities > Fiyo > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-06-17 | CVE-2020-35373 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.6.1 | In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | network, low complexity, fiyo, CWE-79 | 6.1 |
| 2017-12-04 | CVE-2017-17103 | SQL Injection vulnerability in Fiyo CMS 2.0.7 | Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. | network, low complexity, fiyo, CWE-89 | 6.5 |
| 2017-12-04 | CVE-2017-17102 | SQL Injection vulnerability in Fiyo CMS 2.0.7 | Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | network, low complexity, fiyo, CWE-89 | 5.0 |
| 2017-10-16 | CVE-2014-9147 | Information Exposure vulnerability in Fiyo CMS | Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | network, low complexity, fiyo, CWE-200 | 5.0 |
| 2017-08-30 | CVE-2017-13778 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.7 | Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | network, fiyo, CWE-79 | 4.3 |
| 2017-07-26 | CVE-2017-11630 | Path Traversal vulnerability in Fiyo CMS 2.0.7 | dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | network, low complexity, fiyo, CWE-22 | 5.0 |
| 2017-05-09 | CVE-2017-8853 | Path Traversal vulnerability in Fiyo CMS 2.0.7 | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | network, low complexity, fiyo, CWE-22 | 6.4 |
| 2017-03-12 | CVE-2017-6823 | Authentication Bypass by Capture-replay vulnerability in Fiyo CMS 2.0.6.1 | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | network, low complexity, fiyo, CWE-294 | 6.5 |
| 2015-04-14 | CVE-2014-9146 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.1.8 | Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php. | network, fiyo, CWE-79 | 4.3 |
| 2014-06-11 | CVE-2014-4032 | Cross-Site Scripting vulnerability in Fiyo CMS 1.5.7 | Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. | network, fiyo, CWE-79 | 4.3 |