An issue exists in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
thedaylightstudio fuel cms 1.4.7