Vulnerabilities > Thedaylightstudio > Fuel CMS > 1.4.13

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-36569 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
network
low complexity
thedaylightstudio CWE-352
8.8
8.8
2023-02-03 CVE-2021-36570 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
network
low complexity
thedaylightstudio CWE-352
8.8
8.8
2021-08-09 CVE-2021-38290 Injection vulnerability in Thedaylightstudio Fuel CMS
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php.
network
high complexity
thedaylightstudio CWE-74
8.1
8.1
2021-03-10 CVE-2020-28705 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
network
low complexity
thedaylightstudio CWE-352
4.3
4.3