Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thedaylightstudio fuel cms vulnerabilities and exploits
(subscribe to this query)
670
VMScore
CVE-2021-38727
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
Thedaylightstudio Fuel Cms 1.5.0
NA
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote malicious user to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
Thedaylightstudio Fuel Cms 1.4.6
NA
CVE-2020-22152
Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote malicious user to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
Thedaylightstudio Fuel Cms 1.4.6
NA
CVE-2020-22153
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote malicious user to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
Thedaylightstudio Fuel Cms 1.4.6
668
VMScore
CVE-2020-17463
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
Thedaylightstudio Fuel Cms 1.4.7
312
VMScore
CVE-2018-20136
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
Thedaylightstudio Fuel Cms 1.4.3
312
VMScore
CVE-2018-20137
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
Thedaylightstudio Fuel Cms 1.4.3
605
VMScore
CVE-2018-20188
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
Thedaylightstudio Fuel Cms 1.4.3
NA
CVE-2021-36570
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote malicious users to run arbitrary code via post ID to /permissions/delete/2---.
Thedaylightstudio Fuel Cms 1.4.13
605
VMScore
CVE-2021-44117
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
Thedaylightstudio Fuel Cms 1.5.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »