CVE-2017-17103

2017-12-0408:00:00

mitre

www.cve.org

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

39.4%

JSON

Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.

References

github.com/FiyoCMS/FiyoCMS/issues/10