Note:
This project will be discontinued after December 13, 2021.
Product: Fuel_cms (Thedaylightstudio)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 32 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-11-04 | CVE-2020-26167 | In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | Fuel_cms | 9.8 | ||
2020-08-13 | CVE-2020-17463 | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | Fuel_cms | 9.8 | ||
2023-06-09 | CVE-2023-33557 | Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | Fuel_cms | 8.8 | ||
2021-01-05 | CVE-2020-26045 | FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | Fuel_cms | 9.8 | ||
2021-01-05 | CVE-2020-26046 | FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors. | Fuel_cms | 5.4 | ||
2021-03-10 | CVE-2020-23721 | An issue was discovered in FUEL CMS V1.4.7. An attacker can use an XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english. | Fuel_cms | 5.4 | ||
2021-03-10 | CVE-2020-23722 | An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters. | Fuel_cms | 8.8 | ||
2021-03-10 | CVE-2020-24791 | FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | Fuel_cms | 9.8 | ||
2021-03-10 | CVE-2020-28705 | FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3. | Fuel_cms | 4.3 | ||
2021-08-09 | CVE-2021-38290 | A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man-in-the-middle attack such as phishing. | Fuel_cms | 8.1 |