CSRF Vulnerability in FUEL CMS by m3lon
CVE-2018-20188

8.8HIGH

Key Information:

Vendor: Thedaylightstudio
Status: Fuel Cms
Vendor: CVE Published:; 17 December 2018

🔔 Create Thedaylightstudio Vulnerability Alert

What is CVE-2018-20188?

FUEL CMS version 1.4.3 is susceptible to a Cross-Site Request Forgery (CSRF) attack, specifically targeting the user creation endpoint. This vulnerability could allow an attacker to forge unauthorized requests, enabling the malicious addition of an administrator account without the legitimate user's consent. Such exploitation poses a significant risk to the integrity of the CMS, as it compromises user access controls and may lead to unauthorized access to sensitive functionalities.

References

https://github.com/m3lon/CVE/blob/master/CSRF/FUELCMS%20C...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 17, 2018

CVE-2018-20188 Data

JSON