Product
thedaylightstudio fuel cms
40 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-30459
all versions
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password
7.1
HIGH
CVE-2026-30461
all versions
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /contr
8.3
HIGH
CVE-2026-30460
all versions
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks
8.8
HIGH
CVE-2026-30463
all versions
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
7.7
HIGH
CVE-2026-30458
all versions
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack
9.1
CRITICAL
CVE-2026-30457
all versions
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PH
9.8
CRITICAL
CVE-2024-57605
all versions
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blo
5.4
MEDIUM
CVE-2024-25369
all versions
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via crafted string af
5.4
MEDIUM
CVE-2020-24950
all versions
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to ex
8.8
HIGH
CVE-2020-22153
all versions
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the up
9.8
CRITICAL
CVE-2020-22152
all versions
Cross Site Scripting vulnerability in daylight studio FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the
5.4
MEDIUM
CVE-2020-22151
all versions
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the ass
9.8
CRITICAL
CVE-2023-33557
all versions
Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.
8.8
HIGH
CVE-2021-36570
all versions
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissi
8.8
HIGH
CVE-2021-36569
all versions
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/de
8.8
HIGH
CVE-2021-44117
all versions
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariable
8.8
HIGH
CVE-2022-28599
all versions
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious
5.4
MEDIUM
CVE-2022-27156
all versions
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
5.4
MEDIUM
CVE-2021-44607
all versions
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
5.4
MEDIUM
CVE-2021-38727
all versions
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
9.8
CRITICAL
CVE-2021-38725
all versions
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
5.3
MEDIUM
CVE-2021-38723
all versions
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items
8.8
HIGH
CVE-2021-38721
all versions
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
6.5
MEDIUM
CVE-2021-38290
<= 1.5.0
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/f
8.1
HIGH
CVE-2020-28705
all versions
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3
4.3
MEDIUM
CVE-2020-24791
all versions
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an a
9.8
CRITICAL
CVE-2020-23722
all versions
An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via th
8.8
HIGH
CVE-2020-23721
all versions
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?la
5.4
MEDIUM
CVE-2020-26046
all versions
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions
5.4
MEDIUM
CVE-2020-26045
all versions
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attac
9.8
CRITICAL
CVE-2020-26167
<= 1.4.12
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account includ
9.8
CRITICAL
CVE-2020-17463
all versions
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
9.8
CRITICAL
CVE-2019-15229
<= 1.4.4
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking
8.8
HIGH
CVE-2019-15228
<= 1.4.4
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious a
5.4
MEDIUM
CVE-2018-20188
all versions
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
8.8
HIGH
CVE-2018-20137
all versions
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated b
4.8
MEDIUM
CVE-2018-20136
all versions
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages
4.8
MEDIUM
CVE-2018-16763
<= 1.4.2
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to
9.8
CRITICAL
CVE-2018-16762
<= 1.4.2
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
9.8
CRITICAL
CVE-2018-16416
all versions
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the a
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin