Vulnerabilities > Thedaylightstudio > Fuel CMS > 1.4.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-11 | CVE-2020-24950 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9 SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | 8.8 |
2021-08-09 | CVE-2021-38290 | Injection vulnerability in Thedaylightstudio Fuel CMS A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. | 6.8 |
2020-11-04 | CVE-2020-26167 | Information Exposure vulnerability in Thedaylightstudio Fuel CMS In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | 10.0 |