VYPR

Fuel CMS

by Daylight Studio

CVEs (9)

  • CVE-2021-38727 | Critical | Sep 9, 2021
    risk 0.64 | cvss 9.8 | epss 0.02

    FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items

  • CVE-2020-24791 | Critical | Mar 10, 2021
    risk 0.64 | cvss 9.8 | epss 0.03

    FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

  • CVE-2021-38723 | High | Sep 9, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items

  • CVE-2020-23722 | High | Mar 10, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.

  • CVE-2020-22152 | Medium | Jul 3, 2023
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross-site scripting vulnerability in Daylight Studio FUEL CMS v1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.

  • CVE-2022-27156 | Medium | Apr 11, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.

  • CVE-2020-23721 | Medium | Mar 10, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in FUEL CMS V1.4.7. An attacker can use an XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.

  • CVE-2021-38725 | Medium | Sep 9, 2021
    risk 0.00 | cvss 5.3 | epss 0.01

    Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php

  • CVE-2021-38290 | High | Aug 9, 2021
    risk 0.00 | cvss 8.1 | epss 0.01

    A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man-in-the-middle attack such as phishing.