CVE-2017-11414

Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0.7

Description The issue concerns SQL injection in a specific PHP file, allowing potential exploitation via several parameters. The vulnerable parameters include comment, name, web, email, status, id from $ POST, and id from $ REQUEST.

Recommendations For Fiyo CMS version 2.0.7, consider validating and sanitizing user input for the comment, name, web, email, status, and id parameters to prevent SQL injection attacks. As a temporary workaround, restrict access to the dapur/apps/app comment/sys comment.php file until a proper fix is applied.