Vulnerabilities > Thedaylightstudio

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2020-24950 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
network
low complexity
thedaylightstudio CWE-89
8.8
2023-07-03 CVE-2020-22151 Unspecified vulnerability in Thedaylightstudio Fuel CMS 1.4.6
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
network
low complexity
thedaylightstudio
critical
9.8
2023-07-03 CVE-2020-22152 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.6
Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
network
low complexity
thedaylightstudio CWE-79
5.4
2023-07-03 CVE-2020-22153 Unrestricted Upload of File with Dangerous Type vulnerability in Thedaylightstudio Fuel CMS 1.4.6
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
network
low complexity
thedaylightstudio CWE-434
critical
9.8
2023-06-09 CVE-2023-33557 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.2
Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.
network
low complexity
thedaylightstudio CWE-89
8.8
2023-02-03 CVE-2021-36569 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
network
low complexity
thedaylightstudio CWE-352
8.8
2023-02-03 CVE-2021-36570 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
network
low complexity
thedaylightstudio CWE-352
8.8
2022-06-10 CVE-2021-44117 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
network
low complexity
thedaylightstudio CWE-352
8.8
2022-05-03 CVE-2022-28599 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload.
network
low complexity
thedaylightstudio CWE-79
5.4
2022-04-11 CVE-2022-27156 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
network
low complexity
thedaylightstudio CWE-79
5.4