CyberSec.Space Logo
Back to CVE Browser

CVE-2020-17463

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score71.1420%
EPSS Percentile86.75th
PublishedAug 13, 2020
Last ModifiedNov 7, 2025

Vulnerability Description

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Affected Platforms (CPE)

πŸ“¦
Thedaylightstudio

Fuel Cms

= 1.4.7

References & Advisories

πŸ”— http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html
πŸ”— https://cwe.mitre.org/data/definitions/89.html
πŸ”— https://getfuelcms.com
πŸ”— https://github.com/daylightstudio/FUEL-CMS/archive/master.zip
πŸ”— https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.8
πŸ”— http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html
πŸ”— https://cwe.mitre.org/data/definitions/89.html
πŸ”— https://getfuelcms.com

Related Vulnerabilities

CVE-2020-247919.8

FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an a...

CVE-2020-261679.8

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account includ...

CVE-2020-260459.8

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attac...

CVE-2020-221519.8

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the ass...