CVE-2017-11412

Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0.7

Description The issue concerns SQL injection. It can be exploited via the $ GET['id'] variable in the dapur/apps/app comment/controller/comment status.php file.

Recommendations For Fiyo CMS version 2.0.7, consider restricting access to the comment status.php file until a patch is available. As a temporary workaround, avoid using the id variable in the affected API endpoint until the issue is resolved.