Critical severity9.8NVD Advisory· Published Oct 16, 2017· Updated May 13, 2026

CVE-2014-9148

Description

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.

Affected products

Fiyo/Fiyo CMS
cpe:2.3:a:fiyo:fiyo_cms:*:*:*:*:*:*:*:*
Range: <=2.0.1.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.htmlnvdExploitIssue TrackingThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/36581/nvdExploitIssue TrackingThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/73437nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.019
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000