Thedaylightstudio : Security Vulnerabilities, CVEs, (Code Execution)

CVE-2020-24950

SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-08-11
Updated
2023-08-16

CVE-2020-22153

File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
Max CVSS
9.8
EPSS Score
0.21%
Published
2023-07-03
Updated
2023-07-11

CVE-2020-22152

Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-03
Updated
2023-07-11

CVE-2020-22151

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
Max CVSS
9.8
EPSS Score
0.27%
Published
2023-07-03
Updated
2023-07-11

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Max CVSS
9.8
EPSS Score
83.29%
Published
2018-09-09
Updated
2021-11-30
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close