SQL Injection in Fiyo CMS 2.0.7: Privilege Escalation via app_user/sys_user.php
CVE-2017-17103 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.