Thedaylightstudio: >> Fuel Cms >> 1.4.13 Security Vulnerabilities
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-03
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-02-03
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
CVSS Score
8.1
EPSS Score
0.004
Published
2021-08-09
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-03-10