319 matches found
CVE-2024-57605
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components...
PT-2025-6754 · Daylight Studio · Fuel Cms
Name of the Vulnerable Software and Affected Versions: Daylight Studio Fuel CMS version 1.5.2 Description: The issue allows an attacker to escalate privileges through the "fuel/blocks/" and "fuel/pages/" components. This is a Cross Site Scripting issue that can be exploited to gain elevated acces...
CVE-2024-57605
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components...
CVE-2024-57605
CVE-2024-57605 describes a Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v1.5.2 that allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. The CVSS 3.1 base score is 5.4 (Medium) with network attack vector, low attack complexity, and privileg...
CVE-2024-57605
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components...
CVE-2024-57605
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components...
CVE-2024-25369
A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...
Cross site scripting
A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...
CVE-2024-25369
A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...
CVE-2024-25369
This CVE concerns FUEL CMS 1.5.2, where a reflected XSS flaw exists in the group_id parameter that can allow an attacker to execute arbitrary code. The descriptions consistently attribute the issue to FUEL CMS 1.5.2 and do not provide concrete mitigation steps or a confirmed patched version withi...
FUEL CMS Security Vulnerability
FUEL CMS is a content management system CMS based on the Codelgniter framework. A security vulnerability exists in FUEL CMS version 1.5.2, which stems from a cross-site scripting XSS vulnerability. The vulnerability can be exploited to execute arbitrary code via the groupid parameter...
CVE-2024-25369
A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...
Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability
Withdrawn Advisory This advisory has been withdrawn because this vulnerability does not affect a package in a supported ecosystem. This link has been maintained to preserve external references. Original Description SQL Injection vulnerability in file Basemodulemodel.php in Daylight Studio FUEL-CM...
CVE-2020-24950
SQL Injection vulnerability in file Basemodulemodel.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function listitems...
Sql injection
SQL Injection vulnerability in file Basemodulemodel.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function listitems...
CVE-2020-24950
Daylight Studio FUEL-CMS 1.4.9 is affected by a SQL injection in Base_module_model.php via the col parameter of list_items, enabling remote code execution. The CVSSv3.1 vector indicates Network attack, Low attack complexity, Privileges required: Low, No user interaction, with Confidentiality, Int...
CVE-2020-24950
SQL Injection vulnerability in file Basemodulemodel.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function listitems...
CVE-2020-22152
Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function...
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...