📦 Fuel Cms

CVE-2020-22151 is a critical remote code execution vulnerability in Fuel-CMS that allows attackers to upload malicious zip files containing PHP code. This affects all systems running Fuel-CMS version ...

CVE-2020-22153 is a critical file upload vulnerability in FUEL-CMS that allows remote attackers to upload malicious PHP files and execute arbitrary code on the server. This affects all systems running...

CVE-2021-38727 is a SQL injection vulnerability in FUEL CMS that allows attackers to execute arbitrary SQL commands via the 'col' parameter in the logs module. This affects all systems running FUEL CM...

This vulnerability allows SQL injection in FUEL CMS 1.4.8 through the 'fuel_replace_id' parameter. Attackers can execute arbitrary SQL commands, potentially compromising the application and database. ...

CVE-2020-26167 is a critical authentication bypass vulnerability in FUEL CMS that allows anonymous users to take complete ownership of any account, including administrator accounts, through the page p...

This CSRF vulnerability in FUEL-CMS allows attackers to trick authenticated administrators into executing unauthorized actions, specifically deleting permissions via crafted requests. Any FUEL-CMS ins...

FUEL CMS 1.5.0 contains a SQL injection vulnerability in the 'col' parameter of the /fuel/index.php/fuel/pages/items endpoint. This allows attackers to execute arbitrary SQL commands on the database. ...

This CVE describes a host header injection vulnerability in FUEL CMS versions 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. Attackers can exploit...

FUEL CMS 1.4.7 contains an authorization bypass vulnerability that allows attackers to escalate privileges to super admin level by manipulating 'id' and 'fuel_id' parameters. This affects all installa...