Shodan
Vulnerabilities
Vulnerable Software
Thedaylightstudio:  Security Vulnerabilities
CVE-2024-57605
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-02-12
CVE-2024-25369
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-22
CVE-2020-24950
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
CVSS Score
8.8
EPSS Score
0.018
Published
2023-08-11
CVE-2020-22151
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
CVSS Score
9.8
EPSS Score
0.048
Published
2023-07-03
CVE-2020-22152
Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-07-03
CVE-2020-22153
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
CVSS Score
9.8
EPSS Score
0.053
Published
2023-07-03
CVE-2023-33557
Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-06-09
CVE-2021-36569
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-03
CVE-2021-36570
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-02-03
CVE-2021-44117
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-06-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved