Vulnerabilities > Thedaylightstudio > Fuel CMS > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-03 | CVE-2020-22153 | Unrestricted Upload of File with Dangerous Type vulnerability in Thedaylightstudio Fuel CMS 1.4.6 File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | 9.8 |
| 2023-07-03 | CVE-2020-22151 | Unspecified vulnerability in Thedaylightstudio Fuel CMS 1.4.6 Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. | 9.8 |
| 2021-09-09 | CVE-2021-38727 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items | 9.8 |
| 2021-03-10 | CVE-2020-24791 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.8 FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. | 9.8 |
| 2021-01-05 | CVE-2020-26045 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.11 FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. | 9.8 |
| 2020-11-04 | CVE-2020-26167 | Unspecified vulnerability in Thedaylightstudio Fuel CMS In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | 9.8 |
| 2020-08-13 | CVE-2020-17463 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.7 FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | 9.8 |
| 2018-09-09 | CVE-2018-16762 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. | 9.8 |
| 2018-09-09 | CVE-2018-16763 | Injection vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. | 9.8 |