Vulnerabilities > Thedaylightstudio > Fuel CMS > 1.4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-03 | CVE-2020-22151 | Unspecified vulnerability in Thedaylightstudio Fuel CMS 1.4.6 Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. | 9.8 |
| 2023-07-03 | CVE-2020-22152 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.6 Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. | 5.4 |
| 2023-07-03 | CVE-2020-22153 | Unrestricted Upload of File with Dangerous Type vulnerability in Thedaylightstudio Fuel CMS 1.4.6 File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | 9.8 |
| 2021-08-09 | CVE-2021-38290 | Injection vulnerability in Thedaylightstudio Fuel CMS A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. | 6.8 |
| 2020-11-04 | CVE-2020-26167 | Information Exposure vulnerability in Thedaylightstudio Fuel CMS In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | 10.0 |