Vulnerabilities > Thedaylightstudio > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-11 | CVE-2020-24950 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9 SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | 8.8 |
2023-06-09 | CVE-2023-33557 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.2 Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | 8.8 |
2023-02-03 | CVE-2021-36569 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | 8.8 |
2023-02-03 | CVE-2021-36570 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | 8.8 |
2022-06-10 | CVE-2021-44117 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0 A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. | 8.8 |
2021-09-09 | CVE-2021-38723 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items | 8.8 |
2021-08-09 | CVE-2021-38290 | Injection vulnerability in Thedaylightstudio Fuel CMS A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. | 8.1 |
2021-03-10 | CVE-2020-23722 | Authorization Bypass Through User-Controlled Key vulnerability in Thedaylightstudio Fuel CMS 1.4.7 An issue was discovered in FUEL CMS 1.4.7. | 8.8 |
2019-08-20 | CVE-2019-15229 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. | 8.8 |
2018-12-17 | CVE-2018-20188 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.3 FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | 8.8 |