4 matches found
fuel CMS 1.4.1 - Remote Code Execution (1)
Exploit Title: fuel CMS 1.4.1 - Remote Code Execution 1 Date: 2019-07-19 Exploit Author: 0xd0ff9 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: = 0 and n 1: start = haystack.findneedle, start+1 n -= 1 return start...
CVE-2018-16762
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or searchterm parameter to pages/items...
Sql injection
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or searchterm parameter to pages/items...
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. Recent assessments: noraj at May 08, 2021 7:33pm UTC reported: Unauthenticated RCE with default config, this is critical. Assessed...