EUVD-2021-34833

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

CVE-2021-47980

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

FUEL CMS SQL注入漏洞

Fuel CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.4.13 of Fuel CMS has a SQL injection vulnerability. This vulnerability stems from a blind SQL injection flaw, allowing authenticated attackers to manipulate database queries throug...

CVE-2026-38948

Cross-Site Scripting XSS vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

FUEL CMS 安全漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. The Daylight Studio FuelCMS v1.5.2 version contains a security vulnerability. This vulnerability stems from an issue with email splitting attacks, which may allow attackers to steal users’...

FUEL CMS 安全漏洞

FUEL CMS is a Content Management System CMS based on the Codelgniter framework by David McReynolds, an individual developer. A security vulnerability exists in FUEL CMS v1.5.2, which stems from vulnerability to cross-site scripting attacks that can be exploited to achieve elevation of privilege b...

PT-2024-20904 · Fuel Cms · Fuel Cms

Name of the Vulnerable Software and Affected Versions: FUEL CMS version 1.5.2 Description: A reflected Cross-Site Scripting XSS issue allows attackers to run arbitrary code via a crafted string after the group id parameter. Recommendations: For FUEL CMS version 1.5.2, consider restricting access ...

FUEL CMS SQL注入漏洞

FUEL CMS is a content management system CMS based on the Codelgniter framework. A security vulnerability exists in FUEL CMS v1.5.2, which is caused by an SQL injection vulnerability in the id parameter of the /controllers/Blocks.php page...

FUEL CMS 跨站请求伪造漏洞

FUEL CMS is a content management system CMS based on the Codelgniter framework. A security vulnerability exists in FUEL CMS version 1.4.13, which stems from a cross-site request forgery vulnerability that can be exploited by remote attackers to run arbitrary code...

FUEL CMS 跨站脚本漏洞

FUEL CMS is a content management system CMS based on the Codelgniter framework. version 1.5.1 of FUEL CMS suffers from a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the vulnerability to...

FUEL CMS SQL注入漏洞

FUEL CMS is a content management system CMS based on the Codelgniter framework. FUEL CMS in version 1.5.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter col in the software's /FUEL/index.php/FUEL/logs/items for externally-inputted SQL...

FUEL-CMS 访问控制错误漏洞

FUEL CMS is a CodeIgniter-based content management system. A brute-force cracking vulnerability exists in fuel/modules/fuel/controllers/Login.php in Fuel CMS version 1.5.0. An attacker can use this vulnerability to brute-force the administrator's email address...

FUEL CMS 跨站脚本漏洞

FUEL CMS is a content management system based on CodeIgniter. A stored cross-site scripting vulnerability exists in the Blocks/Navigation/Site variable in FUEL CMS 1.4.11. An attacker can exploit this vulnerability to steal cookies...