6 matches found
Fuel CMS 1.4.7 - SQL Injection
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. id: CVE-2020-17463 info: name: Fuel CMS 1.4.7 - SQL Injection author: Thirukrishnan severity: critical description: | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to...
FUEL CMS 1.4.1 - Remote Code Execution
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. id: CVE-2018-16763 info: name: FUEL CMS 1.4.1 - Remote Code Execution author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/...
CVE-2021-44117
A Cross Site Request Forgery CSRF vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4...
CVE-2021-44117
A Cross Site Request Forgery CSRF vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4...
CVE-2021-44117
CVE-2021-44117 affects TheDayLightStudio Fuel CMS 1.5.0. The vulnerability is a Cross-Site Request Forgery (CSRF) present in a POST request to /fuel/sitevariables/delete/4, enabling an attacker to forge a request that performs a sensitive operation on behalf of a victim. NVD CVSSv3.1 vector: CVSS...
CVE-2021-44117
A Cross Site Request Forgery CSRF vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4...