58 matches found
FUEL CMS 1.4.1 - Remote Code Execution
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. id: CVE-2018-16763 info: name: FUEL CMS 1.4.1 - Remote Code Execution author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/...
CVE-2026-30462
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...
CVE-2026-30462
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...
EUVD-2026-25881
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...
CVE-2026-30462
This CVE covers a path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 . Connected sources consistently identify the issue as a directory traversal risk within the Blocks component, affecting FuelCMS’s Blocks controller (e.g., Blocks.php). No concrete exploitation d...
CVE-2026-30462
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...
PT-2026-35455
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...
CVE-2026-30461
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the /controllers/Installer.php and the function addgitsubmodule...
EUVD-2026-23231
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
CVE-2026-30459
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
CVE-2026-30459
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
CVE-2026-30459
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
CVE-2026-30459
FuelCMS v1.5.2 is affected by CVE-2026-30459. The issue arises from FuelCMS not validating the Host header when constructing the password reset URL, allowing an unauthenticated attacker to trigger a reset for a valid user email and have the application send a legitimate-looking email with a reset...
PT-2026-33310
Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description An issue in the Forgot Password feature allows unauthenticated attackers to obtain the password reset token of a victim user. The application fails to validate the Host header when constructing...
CVE-2026-30459
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
EUVD-2026-22976
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the /controllers/Installer.php and the function addgitsubmodule...
CVE-2026-30461
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the /controllers/Installer.php and the function addgitsubmodule...
CVE-2026-30461
Summary: CVE-2026-30461 affects Daylight Studio FuelCMS v1.5.2. An authenticated attacker can trigger remote code execution via the installer path: /controllers/Installer.php, abusing the add_git_submodule function. The underlying issue is insufficient access control for the installer submodule o...
CVE-2026-30461
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the /controllers/Installer.php and the function addgitsubmodule...
CVE-2026-30461
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the /controllers/Installer.php and the function addgitsubmodule...