Vulnerabilities > Thedaylightstudio
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-24 | CVE-2021-44607 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1 A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | 5.4 |
2021-09-09 | CVE-2021-38727 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items | 9.8 |
2021-09-09 | CVE-2021-38721 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability | 6.5 |
2021-09-09 | CVE-2021-38723 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items | 8.8 |
2021-09-09 | CVE-2021-38725 | Improper Restriction of Excessive Authentication Attempts vulnerability in Thedaylightstudio Fuel CMS 1.5.0 Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php | 5.3 |
2021-08-09 | CVE-2021-38290 | Injection vulnerability in Thedaylightstudio Fuel CMS A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. | 8.1 |
2021-03-10 | CVE-2020-28705 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3. | 4.3 |
2021-03-10 | CVE-2020-24791 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.8 FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. | 9.8 |
2021-03-10 | CVE-2020-23722 | Authorization Bypass Through User-Controlled Key vulnerability in Thedaylightstudio Fuel CMS 1.4.7 An issue was discovered in FUEL CMS 1.4.7. | 8.8 |
2021-03-10 | CVE-2020-23721 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.7 An issue was discovered in FUEL CMS V1.4.7. | 5.4 |