Filtered by vendor Thedaylightstudio
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-17463 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | |||||
| CVE-2018-16763 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. | |||||
| CVE-2021-38727 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items | |||||
| CVE-2020-26167 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | |||||
| CVE-2020-24791 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2020-26045 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2018-16762 | 1 Thedaylightstudio | 1 Fuel Cms | 2018-10-29 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. | |||||