Fuel Cms@* Security Vulnerabilities and Issues — Fuel Cms@* CVE List

Lucene search

ThedaylightstudioFuel Cms*

6 matches found

CVE•added 2018/09/09 9:29 p.m.•221 views

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.

9.8CVSS9.4AI score0.93933EPSS

CVE•added 2019/08/20 12:15 a.m.•103 views

CVE-2019-15228

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

5.4CVSS5.2AI score0.0042EPSS

CVE•added 2019/08/20 12:15 a.m.•96 views

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

8.8CVSS8.6AI score0.00141EPSS

CVE•added 2018/09/09 9:29 p.m.•41 views

CVE-2018-16762

FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.

9.8CVSS9.8AI score0.00264EPSS

CVE•added 2020/11/04 5:15 p.m.•40 views

CVE-2020-26167

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.

10CVSS9.4AI score0.02953EPSS

CVE•added 2021/08/09 11:15 a.m.•35 views

CVE-2021-38290

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.

8.1CVSS7.9AI score0.00436EPSS