Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2021-44117

Disclosure Date: June 10, 2022 (last updated October 07, 2023)
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-38727

Disclosure Date: September 09, 2021 (last updated February 23, 2025)
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-38723

Disclosure Date: September 09, 2021 (last updated February 23, 2025)
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-38725

Disclosure Date: September 09, 2021 (last updated February 23, 2025)
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-38721

Disclosure Date: September 09, 2021 (last updated February 23, 2025)
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0