Design/Logic Flaw

2020-11-0417:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.

CPENameOperatorVersion
fuel_cmsle1.4.12

CPE	Name	Operator	Version
	fuel_cms	le	1.4.12

References

excellium-services.com/cert-xlm-advisory/cve-2020-26167/

github.com/daylightstudio/FUEL-CMS/

thedaylightstudio.com/

www.getfuelcms.com/