Vulnerabilities > Thedaylightstudio > Fuel CMS > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-11 | CVE-2020-24950 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9 SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | 8.8 |
2023-06-09 | CVE-2023-33557 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.2 Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | 8.8 |
2023-02-03 | CVE-2021-36569 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | 8.8 |
2023-02-03 | CVE-2021-36570 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | 8.8 |
2021-09-09 | CVE-2021-38727 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items | 7.5 |
2021-03-10 | CVE-2020-24791 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.8 FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. | 7.5 |
2021-01-05 | CVE-2020-26045 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.11 FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. | 7.5 |
2018-09-09 | CVE-2018-16763 | Injection vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. | 7.5 |
2018-09-09 | CVE-2018-16762 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. | 7.5 |