Filtered by vendor Fiyo
Subscriptions
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-11416 | 1 Fiyo | 1 Fiyo Cms | 2024-08-05 | N/A |
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | ||||
CVE-2017-11354 | 1 Fiyo | 1 Fiyo Cms | 2024-08-05 | N/A |
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | ||||
CVE-2017-7625 | 1 Fiyo | 1 Fiyo Cms | 2024-08-05 | N/A |
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | ||||
CVE-2017-6823 | 1 Fiyo | 1 Fiyo Cms | 2024-08-05 | N/A |
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | ||||
CVE-2018-18545 | 1 Fiyo | 1 Fiyo Cms | 2024-08-05 | 6.1 Medium |
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | ||||
CVE-2020-35373 | 1 Fiyo | 1 Fiyo Cms | 2024-08-04 | 6.1 Medium |
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. |