CVE-2014-9148

Опубликовано: 16 окт. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.

Ссылки

http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html
Exploit
Issue Tracking
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/73437
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/36581/
Exploit
Issue Tracking
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html
Exploit
Issue Tracking
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/73437
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/36581/
Exploit
Issue Tracking
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fiyo:fiyo_cms:*:*:*:*:*:*:*:*

Версия до 2.0.1.8 (включая)

EPSS

Процентиль: 96%

0.24232

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-5hq2-6346-wf37