CVEDB API

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.118

EPSS Ranking 93.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

Proposed Action

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Ransomware Campaign

Unknown

References

Products affected by CVE-2020-17463

Thedaylightstudio » Fuel Cms » Version: 1.4.7

cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7