FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://cwe.mitre.org/data/definitions/89.html | Technical Description |
https://getfuelcms.com | Vendor Advisory |
https://github.com/daylightstudio/FUEL-CMS/archive/master.zip | Third Party Advisory |
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.8 | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-13T12:28:57
Updated: 2022-07-10T20:16:21
Reserved: 2020-08-09T00:00:00
Link: CVE-2020-17463
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-13T13:15:17.357
Modified: 2022-10-26T15:14:57.077
Link: CVE-2020-17463
JSON object: View
Redhat Information
No data.
CWE