Lucene search
GitHub Advisory DatabaseGHSA-7RVP-XQJ7-RXF2HistoryAug 11, 2023 - 3:30 p.m.
Daylight Studio FUEL-CMS SQLi Vulnerability
2023-08-1115:30:46
CWE-89
GitHub Advisory Database
github.com
7
daylight studio
fuel-cms
sql injection
base_module_model.php
remote attackers
arbitrary code
version 1.4.9
list_items function
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.3%
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
Affected configurations
Node
codeignitercodeigniterRange≤1.4.9
| CPE | Name | Operator | Version |
|---|---|---|---|
| codeigniter/framework | le | 1.4.9 |
Related
cve
cve
CVE-2020-24950
2023-08-11 14:15:10
osv
osv
CVE-2020-24950
2023-08-11 14:15:10
Daylight Studio FUEL-CMS SQLi Vulnerability
2023-08-11 15:30:46
nvd
nvd
CVE-2020-24950
2023-08-11 14:15:10
prion
prion
Sql injection
2023-08-11 14:15:00
cvelist
cvelist
CVE-2020-24950
2023-08-11 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.3%
Related for GHSA-7RVP-XQJ7-RXF2