CyberSec.Space Logo
Back to CVE Browser

CVE-2020-26045

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile27.18th
PublishedJan 5, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected Platforms (CPE)

πŸ“¦
Thedaylightstudio

Fuel Cms

= 1.4.11

References & Advisories

πŸ”— https://getfuelcms.com
πŸ”— https://github.com/daylightstudio/FUEL-CMS/issues/575
πŸ”— https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.11
πŸ”— https://getfuelcms.com
πŸ”— https://github.com/daylightstudio/FUEL-CMS/issues/575
πŸ”— https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.11

Related Vulnerabilities

CVE-2020-247919.8

FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an a...

CVE-2020-174639.8

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

CVE-2020-261679.8

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account includ...

CVE-2020-221519.8

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the ass...