PT-2017-17353 · Fiyo · Fiyo Cms

Dvnrcy +1 · Published 2017-03-12 · Updated 2019-10-03 · CVE-2017-6823

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fiyo CMS version 2.0.6.1

Description

The issue allows remote authenticated users to gain privileges by modifying the level parameter in the /dapur/ endpoint with an app=user&act=edit action.

Recommendations

For Fiyo CMS version 2.0.6.1, consider restricting access to the /dapur/ endpoint with the app=user&act=edit action until a patch is available. As a temporary workaround, avoid using the modified level parameter in this endpoint to minimize the risk of exploitation.
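
The flaw class the description names (a client-supplied level field trusted on the user-edit action) next to a server-side check, as an added Python illustration. This is not Fiyo CMS code: the record layout, the function names and the level scheme (lower number means more privilege, levels 1 to 2 manage accounts) are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

MANAGER_MAX_LEVEL = 2  # assumption: 1 is the highest level, 1..2 manage accounts

def is_user_edit(url):
    """True for the action the advisory names: /dapur/ with app=user&act=edit."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    # PHP keeps the last value of a repeated parameter, so compare that one.
    last = lambda key: query.get(key, [""])[-1]
    return (parts.path.rstrip("/").endswith("/dapur")
            and last("app") == "user" and last("act") == "edit")

def apply_edit_vulnerable(target, form):
    """Flaw class: every submitted field, 'level' included, is trusted."""
    return {**target, **form}

def apply_edit_checked(actor, target, form):
    """Return the updated record or raise PermissionError."""
    is_manager = actor["level"] <= MANAGER_MAX_LEVEL
    if actor["id"] != target["id"] and not is_manager:
        raise PermissionError("cannot edit another account")
    # Identity and privilege fields are never copied straight from the form.
    updated = {**target,
               **{k: v for k, v in form.items() if k not in ("id", "level")}}
    if "level" in form:
        try:
            new_level = int(form["level"])
        except (TypeError, ValueError):
            raise PermissionError("malformed level") from None
        # A change needs a manager, who may neither touch a more privileged
        # account nor grant a level above their own.
        if new_level != target["level"] and not (
                is_manager and target["level"] >= actor["level"]
                and new_level >= actor["level"]):
            raise PermissionError("level change not permitted")
        updated["level"] = new_level
    return updated

if __name__ == "__main__":
    editor = {"id": 7, "level": 3, "name": "ed"}      # constructed sample data
    form = {"name": "ed", "level": "1"}               # tampered level field
    print(is_user_edit("/dapur/?app=user&act=edit&id=7"))
    print(apply_edit_vulnerable(editor, form)["level"])
    try:
        apply_edit_checked(editor, editor, form)
    except PermissionError as exc:
        print("rejected:", exc)
```

The checked variant derives the decision from the session's stored level and the target's stored level, never from the submitted form.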

Related Identifiers

CVE-2017-6823

Affected Products

Fiyo Cms