mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
780 B
780 B
CVE-2014-9148
Description
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
POC
Reference
- http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html
- https://www.exploit-db.com/exploits/36581/
Github
No PoCs found on GitHub currently.