Vulnerability Details CVE-2020-24791
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.048
EPSS Ranking 89.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/daylightstudio/FUEL-CMS/issues/561
- https://github.com/leerina/vulnerability/blob/master/Fuel%20CMS%201.4.8%20SQLi%20vulnerability.txt
- https://www.exploit-db.com/exploits/48778
- https://github.com/daylightstudio/FUEL-CMS/issues/561
- https://github.com/leerina/vulnerability/blob/master/Fuel%20CMS%201.4.8%20SQLi%20vulnerability.txt
- https://www.exploit-db.com/exploits/48778
Products affected by CVE-2020-24791
-
cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.8