CVE-2017-8853

Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0.7

Description The issue concerns an arbitrary file delete vulnerability. It is located in the dapur/apps/app config/controller/backuper.php file via directory traversal in the file parameter during an act=db action.

Recommendations For Fiyo CMS version 2.0.7, consider restricting access to the backuper.php file to minimize the risk of exploitation. Avoid using the file parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.