Show filters
17 Total Results
Displaying 11-17 of 17
Sort by:
Attacker Value
Unknown
CVE-2020-26045
Disclosure Date: January 05, 2021 (last updated February 22, 2025)
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
0
Attacker Value
Unknown
CVE-2020-26046
Disclosure Date: January 05, 2021 (last updated February 22, 2025)
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
0
Attacker Value
Unknown
CVE-2020-17463
Disclosure Date: August 13, 2020 (last updated February 21, 2025)
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
0
Attacker Value
Unknown
CVE-2018-20188
Disclosure Date: December 17, 2018 (last updated November 27, 2024)
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
0
Attacker Value
Unknown
CVE-2018-20136
Disclosure Date: December 13, 2018 (last updated November 27, 2024)
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
0
Attacker Value
Unknown
CVE-2018-20137
Disclosure Date: December 13, 2018 (last updated November 27, 2024)
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
0
Attacker Value
Unknown
CVE-2018-16416
Disclosure Date: September 03, 2018 (last updated November 27, 2024)
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
0