SQL Injection Vulnerability in Daylight Studio FUEL-CMS
CVE-2020-24950

8.8 HIGH

Key Information:

CVE Published: 11 August 2023

What is CVE-2020-24950?

A vulnerability exists in Daylight Studio's FUEL-CMS version 1.4.9 that enables remote attackers to exploit an SQL Injection flaw located in the Base_module_model.php file. By manipulating the 'col' parameter used in the function 'list_items', attackers can inject arbitrary SQL queries, potentially leading to unauthorized access and execution of malicious code within the database.
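A column name is an SQL identifier and cannot be sent as a bound parameter, so the usual mitigation for this class of flaw is an allowlist. The sketch below is an added example, not FUEL-CMS code and not the vendor's fix: it assumes 'col' selects the sort column of a listing, and the `pages` table, its columns and both function bodies are hypothetical (it needs the pdo_sqlite extension to run).

```php
<?php
// Added example, not FUEL-CMS code. Table, columns and helpers are hypothetical.

// Column and direction are SQL identifiers/keywords, so they cannot be bound
// as parameters; they are matched against a fixed allowlist instead.
function build_list_query(array $sortable, string $col, string $order, int $limit, int $offset): array
{
    if (!in_array($col, $sortable, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $dir = strtolower($order) === 'desc' ? 'DESC' : 'ASC';
    // $col is now one of our own literals; values still go through placeholders.
    $sql = "SELECT id, title FROM pages ORDER BY \"$col\" $dir LIMIT :limit OFFSET :offset";
    return [$sql, [':limit' => $limit, ':offset' => $offset]];
}

function list_items(PDO $db, string $col, string $order = 'asc', int $limit = 10, int $offset = 0): array
{
    [$sql, $params] = build_list_query(['id', 'title'], $col, $order, $limit, $offset);
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages (title) VALUES ('beta'), ('alpha')");

print_r(list_items($db, 'title'));            // rows sorted by title

try {
    list_items($db, 'title, (SELECT 1)');     // constructed input that is not a column name
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```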

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
