PT-2017-14713 · Fiyo · Fiyo Cms

Xrmhtop

·

Published

2017-12-04

·

Updated

2017-12-14

·

CVE-2017-17102

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0.7
Description The issue concerns SQL injection. It can be exploited via the /system/site.php API endpoint, specifically through the link variable in the $ REQUEST array.
Recommendations For Fiyo CMS version 2.0.7, consider restricting access to the /system/site.php endpoint until a patch is available, and avoid using the link variable in this endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-17102

Affected Products

Fiyo Cms