Shodan
Vulnerabilities
Vulnerable Software
Thedaylightstudio:  Security Vulnerabilities
CVE-2020-26167
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVSS Score
9.8
EPSS Score
0.035
Published
2020-11-04
CVE-2020-17463
Known exploited
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
CVSS Score
9.8
EPSS Score
0.9
Published
2020-08-13
CVE-2019-15228
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.
CVSS Score
5.4
EPSS Score
0.007
Published
2019-08-20
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
CVSS Score
8.8
EPSS Score
0.007
Published
2019-08-20
CVE-2018-20188
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-12-17
CVE-2018-20136
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
CVSS Score
4.8
EPSS Score
0.006
Published
2018-12-13
CVE-2018-20137
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
CVSS Score
4.8
EPSS Score
0.006
Published
2018-12-13
CVE-2018-16762
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-09-09
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.829
Published
2018-09-09
CVE-2018-16416
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
CVSS Score
8.8
EPSS Score
0.009
Published
2018-09-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved