Vulnerabilities > Thedaylightstudio > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-03 CVE-2020-22151 Unspecified vulnerability in Thedaylightstudio Fuel CMS 1.4.6
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
network
low complexity
thedaylightstudio
critical
 9.8
9.8
2023-07-03 CVE-2020-22153 Unrestricted Upload of File with Dangerous Type vulnerability in Thedaylightstudio Fuel CMS 1.4.6
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
network
low complexity
thedaylightstudio CWE-434
critical
 9.8
9.8
2021-09-09 CVE-2021-38727 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
network
low complexity
thedaylightstudio CWE-89
critical
 9.8
9.8
2021-03-10 CVE-2020-24791 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.8
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1.
network
low complexity
thedaylightstudio CWE-89
critical
 9.8
9.8
2021-01-05 CVE-2020-26045 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.11
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/.
network
low complexity
thedaylightstudio CWE-89
critical
 9.8
9.8
2020-11-04 CVE-2020-26167 Unspecified vulnerability in Thedaylightstudio Fuel CMS
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
network
low complexity
thedaylightstudio
critical
 9.8
9.8
2020-08-13 CVE-2020-17463 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.7
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
network
low complexity
thedaylightstudio CWE-89
critical
 9.8
9.8
2018-09-09 CVE-2018-16763 Injection vulnerability in Thedaylightstudio Fuel CMS
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.
network
low complexity
thedaylightstudio CWE-74
critical
 9.8
9.8
2018-09-09 CVE-2018-16762 SQL Injection vulnerability in Thedaylightstudio Fuel CMS
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
network
low complexity
thedaylightstudio CWE-89
critical
 9.8
9.8