Thedaylightstudio: >> Fuel Cms Security Vulnerabilities
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
CVSS Score
9.8
EPSS Score
0.064
Published
2023-07-03
Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-06-09
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-03
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-03
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-06-10
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-03
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-11
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-24
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
CVSS Score
9.8
EPSS Score
0.012
Published
2021-09-09
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-09