Thedaylightstudio >> Fuel Cms Security Vulnerabilities
Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-06-09
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-03
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-03
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-06-10
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator, it will trigger an XSS attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-03
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-11
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-24
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
CVSS Score
9.8
EPSS Score
0.012
Published
2021-09-09
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-09
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items
CVSS Score
8.8
EPSS Score
0.002
Published
2021-09-09

