Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fiyo Subscribe
Filtered by product Fiyo Cms
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35373 1 Fiyo 1 Fiyo Cms 2021-06-22 4.3 MEDIUM 6.1 MEDIUM
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.
CVE-2018-18545 1 Fiyo 1 Fiyo Cms 2020-06-02 4.3 MEDIUM 6.1 MEDIUM
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.
CVE-2017-6823 1 Fiyo 1 Fiyo Cms 2019-10-02 6.5 MEDIUM 8.8 HIGH
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
CVE-2017-17103 1 Fiyo 1 Fiyo Cms 2017-12-15 6.5 MEDIUM 8.8 HIGH
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.
CVE-2017-17104 1 Fiyo 1 Fiyo Cms 2017-12-15 7.8 HIGH 7.5 HIGH
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].
CVE-2017-17102 1 Fiyo 1 Fiyo Cms 2017-12-14 5.0 MEDIUM 7.5 HIGH
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].
CVE-2015-3934 1 Fiyo 1 Fiyo Cms 2017-12-12 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.
CVE-2014-9148 1 Fiyo 1 Fiyo Cms 2017-10-25 7.5 HIGH 9.8 CRITICAL
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
CVE-2014-9147 1 Fiyo 1 Fiyo Cms 2017-10-25 5.0 MEDIUM 7.5 HIGH
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
CVE-2017-13778 1 Fiyo 1 Fiyo Cms 2017-08-31 4.3 MEDIUM 6.1 MEDIUM
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
CVE-2017-11630 1 Fiyo 1 Fiyo Cms 2017-07-31 5.0 MEDIUM 7.5 HIGH
dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.
CVE-2017-11631 1 Fiyo 1 Fiyo Cms 2017-07-31 7.5 HIGH 9.8 CRITICAL
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
CVE-2017-11354 1 Fiyo 1 Fiyo Cms 2017-07-20 7.5 HIGH 9.8 CRITICAL
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.
CVE-2017-11419 1 Fiyo 1 Fiyo Cms 2017-07-20 7.5 HIGH 9.8 CRITICAL
Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].
CVE-2017-11418 1 Fiyo 1 Fiyo Cms 2017-07-20 7.5 HIGH 9.8 CRITICAL
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].
CVE-2017-11417 1 Fiyo 1 Fiyo Cms 2017-07-20 7.5 HIGH 9.8 CRITICAL
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id'].
CVE-2017-11416 1 Fiyo 1 Fiyo Cms 2017-07-20 7.5 HIGH 9.8 CRITICAL
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.
CVE-2017-11415 1 Fiyo 1 Fiyo Cms 2017-07-20 7.5 HIGH 9.8 CRITICAL
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].
CVE-2017-11414 1 Fiyo 1 Fiyo Cms 2017-07-20 7.5 HIGH 9.8 CRITICAL
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id'].
CVE-2017-11413 1 Fiyo 1 Fiyo Cms 2017-07-20 7.5 HIGH 9.8 CRITICAL
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id'].