CVE-2021-38727
CRITICALFUEL CMS 1.5.0 - SQL Injection via 'col' Parameter in Logs Endpoint
Title source: llmDescription
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
References (3)
Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/daylightstudio/FUEL-CMS/issues/582
Broken Link x_refsource_misc
https://www.nu11secur1ty.com/2021/10/cve-2021-38727.html
Broken Link x_refsource_misc
https://streamable.com/lxw3ln
Scores
CVSS v3
9.8
EPSS
0.0161
EPSS Percentile
73.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
thedaylightstudio/fuel_cms
1.5.0
Published
Sep 09, 2021
Tracked Since
Feb 18, 2026