David McReynolds - Security Researcher - Exploit Intelligence Platform

CVE-2020-28705 WRITEUP MEDIUM WRITEUP

Thedaylightstudio Fuel Cms - CSRF

FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.

CVSS 4.3

View Code

CVE-2021-38290 WRITEUP HIGH WRITEUP

FUEL CMS <1.5.0 - SSRF

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.

CVSS 8.1

View Code

CVE-2021-38721 WRITEUP MEDIUM WRITEUP

FUEL CMS 1.5.0 - CSRF

FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability

CVSS 6.5

View Code

CVE-2021-38725 WRITEUP MEDIUM WRITEUP

Fuel CMS 1.5.0 - Info Disclosure

Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php

CVSS 5.3

View Code