File Upload Vulnerability in FUEL-CMS by Daylight Studio
CVE-2020-22153

9.8CRITICAL

Key Information:

Vendor: Thedaylightstudio
Status: Fuel Cms
Vendor: CVE Published:; 3 July 2023

🔔 Create Thedaylightstudio Vulnerability Alert

What is CVE-2020-22153?

A vulnerability in FUEL-CMS version 1.4.6 permits remote attackers to upload malicious .php files through the navigation function, resulting in execution of arbitrary code. This flaw can allow unauthorized access to sensitive administrative functionalities and potentially compromise the entire system. It's crucial for users to address this weakness to enhance their security posture.

References

https://github.com/daylightstudio/FUEL-CMS/issues/553

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2023
Vulnerability Reserved
Aug 13, 2020

CVE-2020-22153 Data

JSON