Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thedaylightstudio fuel cms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote malicious user to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
Thedaylightstudio Fuel Cms 1.4.6
9.8
CVSSv3
CVE-2020-22153
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote malicious user to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
Thedaylightstudio Fuel Cms 1.4.6
9.8
CVSSv3
CVE-2021-38727
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
Thedaylightstudio Fuel Cms 1.5.0
9.8
CVSSv3
CVE-2020-24791
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an malicious user to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Thedaylightstudio Fuel Cms 1.4.8
9.8
CVSSv3
CVE-2020-26045
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an malicious user to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Thedaylightstudio Fuel Cms 1.4.11
9.8
CVSSv3
CVE-2020-26167
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
Thedaylightstudio Fuel Cms
9.8
CVSSv3
CVE-2020-17463
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
Thedaylightstudio Fuel Cms 1.4.7
9.8
CVSSv3
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Thedaylightstudio Fuel Cms
1 EDB exploit
26 Github repositories
9.8
CVSSv3
CVE-2018-16762
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
Thedaylightstudio Fuel Cms
8.8
CVSSv3
CVE-2020-24950
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote malicious users to execute arbitrary code via the col parameter to function list_items.
Thedaylightstudio Fuel Cms 1.4.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »