CVE-2017-17103

Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0.7

Description The issue allows for SQL injection via the /apps/app user/sys user.php endpoint, specifically through the name or email variables in the $ POST request. This can lead to privilege escalation from a normal user to an administrator.

Recommendations For Fiyo CMS version 2.0.7, consider restricting access to the /apps/app user/sys user.php endpoint until a fix is available, and avoid using the name or email variables in the $ POST request to minimize the risk of exploitation.