Thedaylightstudio: Security Vulnerabilities
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-13
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-09-09
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.939
Published
2018-09-09
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-09-03
Page 4