CVE-2015-3934

Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0 1.9.1

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter to the "apps/app article/controller/rating.php" endpoint or the user parameter to the "user/login" endpoint.

Recommendations For Fiyo CMS version 2.0 1.9.1, as a temporary workaround, consider restricting access to the rating.php and login endpoints until a patch is available. Avoid using the id and user parameters in the affected endpoints until the issue is resolved.