CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-26045

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://getfuelcms.com
https://github.com/daylightstudio/FUEL-CMS/issues/575
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.11
https://getfuelcms.com
https://github.com/daylightstudio/FUEL-CMS/issues/575
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.11

Products affected by CVE-2020-26045

Thedaylightstudio » Fuel Cms » Version: 1.4.11

cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-26045

Products

Pricing

Contact Us