SQL Injection in Fiyo CMS 2.0.7: Privilege Escalation via app_user/sys_user.php

SQL Injection in Fiyo CMS 2.0.7: Privilege Escalation via app_user/sys_user.php

CVE-2017-17103 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.