dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote malicious users to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fiyo fiyo cms 2.0.7 |