EUVD-2020-14916

Malware in sbrugna...

CVE-2022-28599

A stored cross-site scripting XSS vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack...

CVE-2021-36569

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2...

CVE-2021-36570

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---...

CVE-2020-26167

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one...

Cross site request forgery (csrf)

FUEL CMS 1.4.13 contains a cross-site request forgery CSRF vulnerability that can delete a page via a post ID to /pages/delete/3...

FUEL CMS Cross-Site Request Forgery Vulnerability (CNVD-2021-18031)

FUEL CMS is a content management system CMS based on the Codelgniter framework. A cross-site request forgery vulnerability exists in the blocks/create/Create Blocks section of the Admin console in FUEL CMS version 1.4.4. The vulnerability stems from the WEB application not adequately verifying th...