Thedaylightstudio: >> Fuel Cms >> 1.5.2 Security Vulnerabilities
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.
CVSS Score
8.3
EPSS Score
0.003
Published
2026-04-15
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-04-07
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-03-26
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
CVSS Score
7.7
EPSS Score
0.0
Published
2026-03-26
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-26
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-02-12
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-22
Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-06-09