Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fuel_cms
(Thedaylightstudio)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 32 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-04-11 | CVE-2022-27156 | Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | Fuel_cms | 5.4 | ||
2022-02-24 | CVE-2021-44607 | A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | Fuel_cms | 5.4 | ||
2018-09-09 | CVE-2018-16763 | FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. | Fuel_cms | 9.8 | ||
2021-09-09 | CVE-2021-38727 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items | Fuel_cms | 9.8 | ||
2021-09-09 | CVE-2021-38721 | FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability | Fuel_cms | 6.5 | ||
2021-09-09 | CVE-2021-38723 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items | Fuel_cms | 8.8 | ||
2021-09-09 | CVE-2021-38725 | Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php | Fuel_cms | 5.3 | ||
2021-08-09 | CVE-2021-38290 | A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing. | Fuel_cms | 8.1 | ||
2020-11-04 | CVE-2020-26167 | In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | Fuel_cms | 9.8 | ||
2021-03-10 | CVE-2020-23722 | An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters. | Fuel_cms | 8.8 |