Critical severity9.8NVD Advisory· Published Apr 10, 2017· Updated May 13, 2026

CVE-2017-7625

Description

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.

Affected products

Fiyo/Fiyo CMS6 versions
cpe:2.3:a:fiyo:fiyo_cms:2.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:fiyo:fiyo_cms:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:fiyo:fiyo_cms:2.0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:fiyo:fiyo_cms:2.0.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:fiyo:fiyo_cms:2.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:fiyo:fiyo_cms:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:fiyo:fiyo_cms:2.0.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Xyntax/POC-T/blob/2.0/script/fiyo2.0.7-getshell.pynvdExploitThird Party Advisory
www.securityfocus.com/bid/97571nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000