Rai4Over

**Name of the Vulnerable Software and Affected Versions** Fiyo CMS version 2.0.7 **Description** The issue allows remote attackers to delete arbitrary files via directory traversal sequences in the `file` parameter in a `type=database` request to the `/dapur/apps/app config/controller/backuper.php` endpoint. **Recommendations** For Fiyo CMS version 2.0.7, restrict access to the `backuper.php` file to minimize the risk of exploitation. Avoid using the `file` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Fiyo CMS version 2.0.7 **Description** The issue is related to SQL injection via the `id` parameter in the dapur/app/app user/controller/status.php file. **Recommendations** For Fiyo CMS version 2.0.7, avoid using the `id` parameter in the vulnerable file until the issue is resolved. Consider restricting access to the status.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.