dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.Referenceshttps://github.com/FiyoCMS/FiyoCMS/issues/7
