Shodan
Vulnerabilities
Vulnerable Software
Thedaylightstudio:  >> Fuel Cms  Security Vulnerabilities
CVE-2021-38725
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
CVSS Score
5.3
EPSS Score
0.002
Published
2021-09-09
CVE-2021-38290
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
CVSS Score
8.1
EPSS Score
0.004
Published
2021-08-09
CVE-2020-23721
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-10
CVE-2020-23722
An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-03-10
CVE-2020-24791
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVSS Score
9.8
EPSS Score
0.036
Published
2021-03-10
CVE-2020-28705
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-03-10
CVE-2020-26045
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-01-05
CVE-2020-26046
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-01-05
CVE-2020-26167
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVSS Score
9.8
EPSS Score
0.03
Published
2020-11-04
CVE-2020-17463
Known exploited
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
CVSS Score
9.8
EPSS Score
0.175
Published
2020-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved