Vulnerabilities > Thedaylightstudio

DATE CVE VULNERABILITY TITLE RISK
2018-09-09 CVE-2018-16762 SQL Injection vulnerability in Thedaylightstudio Fuel CMS
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
network
low complexity
thedaylightstudio CWE-89
critical
9.8
2018-09-03 CVE-2018-16416 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
network
low complexity
thedaylightstudio CWE-352
8.8