First published: Sun Sep 09 2018(Updated: )
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | <=1.4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-16762 is a vulnerability in FUEL CMS 1.4.1 that allows SQL Injection via the layout, published, or search_term parameter to pages/items.
The severity of CVE-2018-16762 is critical with a CVSS score of 9.8.
CVE-2018-16762 affects FUEL CMS 1.4.1.
To fix CVE-2018-16762, update FUEL CMS to version 1.4.2 or higher.
More information about CVE-2018-16762 can be found at the following link: https://github.com/daylightstudio/FUEL-CMS/issues/478