Lucene search

PRIOn knowledge basePRION:CVE-2018-16763

HistorySep 09, 2018 - 9:29 p.m.

Remote code execution

2018-09-0921:29:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.792 High

EPSS

Percentile

98.3%

JSON

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.

CPENameOperatorVersion
fuel_cmsle1.4.2

CPE	Name	Operator	Version
	fuel_cms	le	1.4.2

References

packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html

packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html

packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.html

0xd0ff9.wordpress.com/2019/07/19/from-code-evaluation-to-pre-auth-remote-code-execution-cve-2018-16763-bypass/

github.com/daylightstudio/FUEL-CMS/issues/478

www.exploit-db.com/exploits/47138