High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-11	CVE-2020-24950	SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9 SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. network low complexity thedaylightstudio CWE-89	8.8
2023-06-09	CVE-2023-33557	SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.2 Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. network low complexity thedaylightstudio CWE-89	8.8
2023-02-03	CVE-2021-36569	Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. network low complexity thedaylightstudio CWE-352	8.8
2023-02-03	CVE-2021-36570	Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. network low complexity thedaylightstudio CWE-352	8.8
2021-09-09	CVE-2021-38727	SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items network low complexity thedaylightstudio CWE-89	7.5
2021-03-10	CVE-2020-24791	SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.8 FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. network low complexity thedaylightstudio CWE-89	7.5
2021-01-05	CVE-2020-26045	SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.11 FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. network low complexity thedaylightstudio CWE-89	7.5
2018-09-09	CVE-2018-16763	Injection vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. network low complexity thedaylightstudio CWE-74	7.5
2018-09-09	CVE-2018-16762	SQL Injection vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. network low complexity thedaylightstudio CWE-89	7.5