PT-2017-11954 · Fiyo · Fiyo Cms
Iflody
·
Publicado
2017-07-17
·
Atualizado
2017-07-20
·
CVE-2017-11354
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Fiyo CMS version 2.0.7
Description
The issue is related to an SQL injection vulnerability. It occurs in the dapur/apps/app article/sys article.php file through the
name parameter when editing or adding a tag name.Recommendations
For Fiyo CMS version 2.0.7, avoid using the
name parameter in the affected file until the issue is resolved. As a temporary workaround, consider restricting access to the sys article.php file to minimize the risk of exploitation.Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fiyo Cms