60 matches found
CVE-2026-30458
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack...
PT-2026-28400
Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description FuelCMS version 1.5.2 contains a SQL injection issue through the /controllers/Login.php component. The vulnerability is located in the /controllers/Login.php component and allows for potential...
CVE-2026-30463
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...
PT-2026-28398
Name of the Vulnerable Software and Affected Versions FuelCMS version 1.5.2 Description An issue exists in the /parser/dwoo component that allows attackers to execute arbitrary code through crafted PHP code. The affected component is susceptible to code execution when processing specially designe...
PT-2026-28399
Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description An issue exists in Daylight Studio FuelCMS version 1.5.2 that allows attackers to obtain users' password reset tokens through a mail splitting attack. A mail splitting attack involves...
CVE-2026-30457
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...
CVE-2026-30457
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...
CVE-2026-30458
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack...
CVE-2026-30457
CVE-2026-30457 affects Daylight Studio FuelCMS v1.5.2 in the internal /parser/dwoo component. The issue allows attackers to execute arbitrary PHP code through crafted PHP input, indicating a code-execution vulnerability with a high impact. The available sources identify the affected software/vers...
CVE-2026-30463
CVE-2026-30463 affects Daylight Studio FuelCMS v1.5.2. The vulnerability is a SQL injection in the /controllers/Login.php component. Root cause is an injectable parameter handling in that login controller. Remediation per PT-Security PT-2026-28400 is to update FuelCMS to a newer version; as a tem...
CVE-2026-30458
CVE-2026-30458 affects Daylight Studio FuelCMS v1.5.2. The issue allows exfiltration of password reset tokens through a mail-splitting attack, with CVSS v3.1 base score 9.1 (CRITICAL) and high impact to confidentiality/integrity; exploitation details are not provided in the documents. Remediation...
CVE-2026-30463
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...
CVE-2026-30458
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack...
CVE-2026-30457
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...
Exploit for Injection in Thedaylightstudio Fuel_Cms
CVE-2018-16763 - FuelCMS Exploit to trigger RCE for CVE-2...
Exploit for Injection in Thedaylightstudio Fuel_Cms
CVE-2018-16763 FuelCMS 1.4.1 Remote Code Execution Vulnera...
Exploit for Injection in Thedaylightstudio Fuel_Cms
CVE-2018-16763 FuelCMS 1.4.1 Remote Code Execution Vulnera...
fuelCMS 1.4.1 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Exploit Title: fuelCMS 1.4.1 - Remote Code Execution Exploit Author: 0xd0ff9 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: = 0 and n 1: start =...
fuelCMS 1.4.1 - Remote Code Execution
fuelCMS 1.4.1 - Remote Code Execution Exploit Title: fuelCMS 1.4.1 - Remote Code Execution Date: 2019-07-19 Exploit Author: 0xd0ff9 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: = 0 and n 1: start =...
fuelCMS 1.4.1 Remote Code Execution
Exploit Title: fuelCMS 1.4.1 - Remote Code Execution Date: 2019-07-19 Exploit Author: 0xd0ff9 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: = 0 and n 1: start = haystack.findneedle, start+1 n -= 1 return start...