Fiyo Cms

fiyo_cms

Vendor: Fiyo • 26 CVEs

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-35373 1Fiyo 1Fiyo Cms Nov 21, 2024 Jun 17, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.
CVE-2018-18545 1Fiyo 1Fiyo Cms Nov 21, 2024 Oct 21, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.
CVE-2017-17104 1Fiyo 1Fiyo Cms May 13, 2026 Dec 4, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].
CVE-2017-17103 1Fiyo 1Fiyo Cms May 13, 2026 Dec 4, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.
CVE-2017-17102 1Fiyo 1Fiyo Cms May 13, 2026 Dec 4, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].
CVE-2015-3934 1Fiyo 1Fiyo Cms May 13, 2026 Nov 21, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login...Show more Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.Show less
CVE-2014-9148 1Fiyo 1Fiyo Cms May 13, 2026 Oct 16, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur...Show more Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.Show less
CVE-2014-9147 1Fiyo 1Fiyo Cms May 13, 2026 Oct 16, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
CVE-2017-13778 1Fiyo 1Fiyo Cms May 13, 2026 Aug 30, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
CVE-2017-11631 1Fiyo 1Fiyo Cms May 13, 2026 Jul 26, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
CVE-2017-11630 1Fiyo 1Fiyo Cms May 13, 2026 Jul 26, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerabil...Show more dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.Show less
CVE-2017-11419 1Fiyo 1Fiyo Cms May 13, 2026 Jul 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].
CVE-2017-11418 1Fiyo 1Fiyo Cms May 13, 2026 Jul 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].
CVE-2017-11417 1Fiyo 1Fiyo Cms May 13, 2026 Jul 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id'].
CVE-2017-11416 1Fiyo 1Fiyo Cms May 13, 2026 Jul 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.
CVE-2017-11415 1Fiyo 1Fiyo Cms May 13, 2026 Jul 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].
CVE-2017-11414 1Fiyo 1Fiyo Cms May 13, 2026 Jul 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id'].
CVE-2017-11413 1Fiyo 1Fiyo Cms May 13, 2026 Jul 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id'].
CVE-2017-11412 1Fiyo 1Fiyo Cms May 13, 2026 Jul 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id'].
CVE-2017-11354 1Fiyo 1Fiyo Cms May 13, 2026 Jul 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.

12 Next