Thedaylightstudio : Security Vulnerabilities, CVEs, (Code Execution)
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-08-11
Updated
2023-08-16
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
Max CVSS
9.8
EPSS Score
0.21%
Published
2023-07-03
Updated
2023-07-11
Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-03
Updated
2023-07-11
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
Max CVSS
9.8
EPSS Score
0.27%
Published
2023-07-03
Updated
2023-07-11
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Max CVSS
9.8
EPSS Score
83.29%
Published
2018-09-09
Updated
2021-11-30
5 vulnerabilities found