Fiyo CMS Multiple Security Vulnerabilities

Fiyo CMS is prone to multiple SQL-injection vulnerabilities, a directory-traversal vulnerability, multiple SQL-injection vulnerabilities, an authentication-bypass vulnerability and an access-control bypass vulnerability.

An attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, write an arbitrary file within the context of the web server, or perform unauthorized actions. This may aid in launching further attacks.


Privacy Statement
Copyright 2010, SecurityFocus