In Fiyo CMS 2.x up to and including 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fiyo fiyo cms 2.0.2.1 |
||
fiyo fiyo cms 2.0.6 |
||
fiyo fiyo cms 2.0.7 |
||
fiyo fiyo cms 2.0 |
||
fiyo fiyo cms 2.0.1.6 |
||
fiyo fiyo cms 2.0.1.8 |