Fiyo CMS 2.0.1.8 allows remote malicious users to obtain sensitive information via a direct request to the database backup file in .backup/.
fiyo fiyo cms