Note: This project will be discontinued after December 13, 2021.
Product: Fuel_cms (Thedaylightstudio)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 32 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-09-09 | CVE-2021-38721 | FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability | Fuel_cms | 6.5 | ||
2021-09-09 | CVE-2021-38723 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items | Fuel_cms | 8.8 | ||
2021-09-09 | CVE-2021-38725 | Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php | Fuel_cms | 5.3 | ||
2021-09-09 | CVE-2021-38727 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items | Fuel_cms | 9.8 | ||
2022-02-24 | CVE-2021-44607 | A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | Fuel_cms | 5.4 | ||
2022-04-11 | CVE-2022-27156 | Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | Fuel_cms | 5.4 | ||
2022-05-03 | CVE-2022-28599 | A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger an XSS attack. | Fuel_cms | 5.4 | ||
2022-06-10 | CVE-2021-44117 | A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. | Fuel_cms | 8.8 | ||
2023-02-03 | CVE-2021-36569 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | Fuel_cms | 8.8 | ||
2023-02-03 | CVE-2021-36570 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | Fuel_cms | 8.8 |