PT-2017-11954 · Fiyo · Fiyo Cms
Iflody · Published 2017-07-17 · Updated 2017-07-20
CVE-2017-11354
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fiyo CMS version 2.0.7
Description
The issue is related to an SQL injection vulnerability. It occurs in the dapur/apps/app_article/sys_article.php file through the name parameter when editing or adding a tag name.
Recommendations
For Fiyo CMS version 2.0.7, avoid using the name parameter in the affected file until the issue is resolved. As a temporary workaround, consider restricting access to the sys_article.php file to minimize the risk of exploitation.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Fiyo Cms