Show filters
17 Total Results
Displaying 11-17 of 17
Sort by:
Attacker Value
Unknown

CVE-2020-26045

Disclosure Date: January 05, 2021 (last updated February 22, 2025)
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Attacker Value
Unknown

CVE-2020-26046

Disclosure Date: January 05, 2021 (last updated February 22, 2025)
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
Attacker Value
Unknown

CVE-2020-17463

Disclosure Date: August 13, 2020 (last updated February 21, 2025)
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
Attacker Value
Unknown

CVE-2018-20188

Disclosure Date: December 17, 2018 (last updated November 27, 2024)
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
0
Attacker Value
Unknown

CVE-2018-20136

Disclosure Date: December 13, 2018 (last updated November 27, 2024)
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
0
Attacker Value
Unknown

CVE-2018-20137

Disclosure Date: December 13, 2018 (last updated November 27, 2024)
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
0
Attacker Value
Unknown

CVE-2018-16416

Disclosure Date: September 03, 2018 (last updated November 27, 2024)
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
0