VYPR
Unrated severityNVD Advisory· Published Apr 14, 2015· Updated Jun 17, 2026

CVE-2014-9145

CVE-2014-9145

Description

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Fiyo/FiyoCMS2 versions
    cpe:2.3:a:fiyo:fiyo_cms:2.0.1.8:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fiyo:fiyo_cms:2.0.1.8:*:*:*:*:*:*:*
    • (no CPE)range: = 2.0.1.8

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.