FuelCMS

CVEs (7)

• CVE-2026-30460HigApr 7, 2026
  Thedaylightstudio

  Fuel CMS
  risk 0.57cvss 8.8epss 0.00

  Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.

• CVE-2026-30461HigApr 15, 2026
  Thedaylightstudio

  Fuel CMS
  risk 0.54cvss 8.3epss 0.00

  Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

• CVE-2026-30459HigApr 16, 2026
  Thedaylightstudio

  Fuel CMS
  risk 0.46cvss 7.1epss 0.00

  An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

• CVE-2026-30462MedApr 27, 2026
  Daylight Studio

  FuelCMS
  risk 0.28cvss 4.3epss 0.00

  A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.

• CVE-2026-30457Mar 26, 2026
  Daylight Studio

  FuelCMS
  risk 0.00cvss —epss 0.00

  An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.

• CVE-2026-30463Mar 26, 2026
  Daylight Studio

  FuelCMS
  risk 0.00cvss —epss 0.00

  Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.

• CVE-2026-30458Mar 26, 2026
  Daylight Studio

  FuelCMS
  risk 0.00cvss —epss 0.00

  An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.