CVE-2020-22151

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0460%

EPSS Percentile10.38th

PublishedJul 3, 2023

Last ModifiedNov 25, 2024

Vulnerability Description

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.

Affected Platforms (CPE)

📦

Thedaylightstudio

Fuel Cms

= 1.4.6

References & Advisories

🔗 https://github.com/daylightstudio/FUEL-CMS/issues/551

Related Vulnerabilities

CVE-2020-260459.8

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attac...

CVE-2020-174639.8

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

CVE-2020-261679.8

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account includ...

CVE-2020-247919.8

FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an a...