PT-2017-14715 · Fiyo · Fiyo Cms

Xrmhtop

Published

2017-12-04

Updated

2017-12-15

CVE-2017-17104

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0.7

Description The issue allows for arbitrary file read in the dapur/apps/app theme/libs/check file.php file via the src or name variables in the $ GET request.

Recommendations For Fiyo CMS version 2.0.7, consider restricting access to the check file.php file or validating and sanitizing the src and name variables in the $ GET request to prevent arbitrary file read. As a temporary workaround, consider disabling the use of the src and name variables in the check file.php file until a patch is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-17104

Affected Products

Fiyo Cms

PT-2017-14715 · Fiyo · Fiyo Cms

CVE-2017-17104

Weakness Enumeration

Related Identifiers

Affected Products

References · 3