CVE-2017-17104

Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0.7

Description The issue allows for arbitrary file read in the dapur/apps/app theme/libs/check file.php file via the src or name variables in the $ GET request.

Recommendations For Fiyo CMS version 2.0.7, consider restricting access to the check file.php file or validating and sanitizing the src and name variables in the $ GET request to prevent arbitrary file read. As a temporary workaround, consider disabling the use of the src and name variables in the check file.php file until a patch is available.