Thedaylightstudio: >> Fuel Cms >> 1.4.6 Security Vulnerabilities
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
CVSS Score
9.8
EPSS Score
0.048
Published
2023-07-03
Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-07-03
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
CVSS Score
9.8
EPSS Score
0.053
Published
2023-07-03
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
CVSS Score
8.1
EPSS Score
0.004
Published
2021-08-09
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVSS Score
9.8
EPSS Score
0.03
Published
2020-11-04