Thedaylightstudio: >> Fuel Cms >> 1.5.0 Security Vulnerabilities
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-06-10
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
CVSS Score
9.8
EPSS Score
0.012
Published
2021-09-09
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-09
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items
CVSS Score
8.8
EPSS Score
0.002
Published
2021-09-09
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
CVSS Score
5.3
EPSS Score
0.002
Published
2021-09-09
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
CVSS Score
8.1
EPSS Score
0.004
Published
2021-08-09