Cross Site Request Forgery Vulnerability in Fuel CMS by TheDayLightStudio
CVE-2021-44117

8.8HIGH

Key Information:

Vendor

Thedaylightstudio

Status
Fuel Cms
Vendor
CVE Published:
10 June 2022

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2021-44117?

A Cross Site Request Forgery vulnerability exists in Fuel CMS version 1.5.0, allowing unauthorized actions via a malicious POST request to /fuel/sitevariables/delete/4. This flaw can be exploited to manipulate site variables without proper authentication, potentially resulting in unauthorized data exposure or modification.

References

https://www.getfuelcms.com/
x_refsource_MISC
https://github.com/warmachine-57/CVE-2021-44117/blob/main...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

.