CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-26045

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile27.18th
Published2021年1月5日
Last Modified2024年11月21日

Vulnerability Description

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected Platforms (CPE)

📦
Thedaylightstudio

Fuel Cms

= 1.4.11

References & Advisories

🔗 https://getfuelcms.com
🔗 https://github.com/daylightstudio/FUEL-CMS/issues/575
🔗 https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.11
🔗 https://getfuelcms.com
🔗 https://github.com/daylightstudio/FUEL-CMS/issues/575
🔗 https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.11

相關漏洞威脅

CVE-2020-247919.8

FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an a...

CVE-2020-174639.8

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

CVE-2020-261679.8

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account includ...

CVE-2020-221519.8

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the ass...