David McReynolds

4 exploits Active since Mar 2021
CVE-2020-28705 WRITEUP MEDIUM WRITEUP
FUEL CMS 1.4.13 - Cross-Site Request Forgery via Page Deletion Endpoint
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
CVSS 4.3
CVE-2021-38290 WRITEUP HIGH WRITEUP
FUEL CMS < 1.5.0 - Host Header Injection
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
CVSS 8.1
CVE-2021-38721 WRITEUP MEDIUM WRITEUP
FUEL CMS 1.5.0 - Cross-Site Request Forgery in login.php
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
CVSS 6.5
CVE-2021-38725 WRITEUP MEDIUM WRITEUP
Fuel CMS 1.5.0 - Brute Force Attack via Login Controller
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
CVSS 5.3