Vulnerabilities > Thedaylightstudio > Fuel CMS > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-08-11 | CVE-2020-24950 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9 | SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | network | low | thedaylightstudio | CWE-89 | 8.8 |
| 2023-06-09 | CVE-2023-33557 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.2 | Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | network | low | thedaylightstudio | CWE-89 | 8.8 |
| 2023-02-03 | CVE-2021-36569 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | network | low | thedaylightstudio | CWE-352 | 8.8 |
| 2023-02-03 | CVE-2021-36570 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | network | low | thedaylightstudio | CWE-352 | 8.8 |
| 2022-06-10 | CVE-2021-44117 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0 | A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. | network | low | thedaylightstudio | CWE-352 | 8.8 |
| 2021-09-09 | CVE-2021-38723 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items. | network | low | thedaylightstudio | CWE-89 | 8.8 |
| 2021-08-09 | CVE-2021-38290 | Injection vulnerability in Thedaylightstudio Fuel CMS | A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. | network | high | thedaylightstudio | CWE-74 | 8.1 |
| 2021-03-10 | CVE-2020-23722 | Authorization Bypass Through User-Controlled Key vulnerability in Thedaylightstudio Fuel CMS 1.4.7 | An issue was discovered in FUEL CMS 1.4.7. | network | low | thedaylightstudio | CWE-639 | 8.8 |
| 2019-08-20 | CVE-2019-15229 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS | FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. | network | low | thedaylightstudio | CWE-352 | 8.8 |
| 2018-12-17 | CVE-2018-20188 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.3 | FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | network | low | thedaylightstudio | CWE-352 | 8.8 |