SQL Injection Vulnerability in FUEL CMS by Daylight Studio
CVE-2018-16762

9.8CRITICAL

Key Information:

Vendor: Thedaylightstudio
Status: Fuel Cms
Vendor: CVE Published:; 9 September 2018

🔔 Create Thedaylightstudio Vulnerability Alert

What is CVE-2018-16762?

The FUEL CMS version 1.4.1 is susceptible to SQL injection attacks through the layout, published, or search_term parameters within pages or items. This flaw allows attackers to manipulate database queries, potentially leading to unauthorized data access and exploitation of the application. Website administrators are urged to apply necessary patches and mitigate this risk by validating and sanitizing user inputs.

References

https://github.com/daylightstudio/FUEL-CMS/issues/478

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2018
Vulnerability Reserved
Sep 9, 2018

CVE-2018-16762 Data

JSON