Vulnerabilities > Thedaylightstudio > Fuel CMS

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2021-44607 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
3.5
2021-09-09 CVE-2021-38727 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
network
low complexity
thedaylightstudio CWE-89
7.5
2021-09-09 CVE-2021-38721 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
4.3
2021-09-09 CVE-2021-38723 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items
network
low complexity
thedaylightstudio CWE-89
6.5
2021-09-09 CVE-2021-38725 Improper Restriction of Excessive Authentication Attempts vulnerability in Thedaylightstudio Fuel CMS 1.5.0
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
network
low complexity
thedaylightstudio CWE-307
5.0
2021-08-09 CVE-2021-38290 Injection vulnerability in Thedaylightstudio Fuel CMS
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php.
6.8
2021-03-10 CVE-2020-28705 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
4.3
2021-03-10 CVE-2020-24791 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.8
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1.
network
low complexity
thedaylightstudio CWE-89
7.5
2021-03-10 CVE-2020-23722 Improper Privilege Management vulnerability in Thedaylightstudio Fuel CMS 1.4.7
An issue was discovered in FUEL CMS 1.4.7.
network
low complexity
thedaylightstudio CWE-269
6.5
2021-03-10 CVE-2020-23721 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.7
An issue was discovered in FUEL CMS V1.4.7.
3.5