13 matches found
EUVD-2021-25164
Malware in sbrugna...
CVE-2021-44117
A Cross Site Request Forgery CSRF vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4...
CVE-2021-44117
CVE-2021-44117 affects TheDayLightStudio Fuel CMS 1.5.0. The vulnerability is a Cross-Site Request Forgery (CSRF) present in a POST request to /fuel/sitevariables/delete/4, enabling an attacker to forge a request that performs a sensitive operation on behalf of a victim. NVD CVSSv3.1 vector: CVSS...
CVE-2021-44117
A Cross Site Request Forgery CSRF vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4...
Fuel CMS 1.5.0 - Cross-Site Request Forgery Vulnerability
Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce: 1. Login with us...
CVE-2021-38727
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items...
Sql injection
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items...
CVE-2021-38723
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items...
CVE-2021-38721
FUEL CMS 1.5.0 login.php contains a cross-site request forgery CSRF vulnerability...
Cross site request forgery (csrf)
FUEL CMS 1.5.0 login.php contains a cross-site request forgery CSRF vulnerability...
CVE-2021-38723
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items...
Design/Logic Flaw
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuelconstants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing...
CVE-2021-38290
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuelconstants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing...