Search Results (41 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47980 | 2 Getfuelcms, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-05-18 | 7.1 High |
| Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays. | ||||
| CVE-2026-30459 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-23 | 7.1 High |
| An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message. | ||||
| CVE-2026-30461 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-20 | 8.3 High |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule. | ||||
| CVE-2026-30460 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-13 | 8.8 High |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | ||||
| CVE-2026-30457 | 2 Daylightstudio, Thedaylightstudio | 3 Fuel Cms, Dwoo, Fuel Cms | 2026-03-30 | 9.8 Critical |
| An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code. | ||||
| CVE-2026-30458 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-03-30 | 9.1 Critical |
| An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack. | ||||
| CVE-2026-30463 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-03-30 | 7.7 High |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component. | ||||
| CVE-2020-17463 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-11-07 | 9.8 Critical |
| FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | ||||
| CVE-2024-57605 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-07-09 | 5.4 Medium |
| Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. | ||||
| CVE-2020-26167 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-05-30 | 9.8 Critical |
| In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | ||||
| CVE-2024-25369 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-04-03 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via crafted string after the group_id parameter. | ||||
| CVE-2021-36570 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-03-26 | 8.8 High |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | ||||
| CVE-2021-36569 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-03-26 | 8.8 High |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | ||||
| CVE-2023-33557 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-01-06 | 8.8 High |
| Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | ||||
| CVE-2020-22151 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-25 | 9.8 Critical |
| Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. | ||||
| CVE-2020-22152 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-22 | 5.4 Medium |
| Cross Site Scripting vulnerability in Daylight Studio FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. | ||||
| CVE-2020-22153 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-22 | 9.8 Critical |
| File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | ||||
| CVE-2022-28599 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger an XSS attack. | ||||
| CVE-2022-27156 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | ||||
| CVE-2021-44607 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | ||||