CyberSec.Space Logo
Back to CVE Browser

CVE-2020-24791

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0930%
EPSS Percentile4.79th
PublishedMar 10, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected Platforms (CPE)

πŸ“¦
Thedaylightstudio

Fuel Cms

= 1.4.8

References & Advisories

πŸ”— https://github.com/daylightstudio/FUEL-CMS/issues/561
πŸ”— https://github.com/leerina/vulnerability/blob/master/Fuel%20CMS%201.4.8%20SQLi%20vulnerability.txt
πŸ”— https://www.exploit-db.com/exploits/48778
πŸ”— https://github.com/daylightstudio/FUEL-CMS/issues/561
πŸ”— https://github.com/leerina/vulnerability/blob/master/Fuel%20CMS%201.4.8%20SQLi%20vulnerability.txt
πŸ”— https://www.exploit-db.com/exploits/48778

Related Vulnerabilities

CVE-2020-260459.8

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attac...

CVE-2020-174639.8

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

CVE-2020-261679.8

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account includ...

CVE-2020-221519.8

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the ass...