What is the severity of CVE-2018-16763?

CVE-2018-16763 has a severity of critical with a severity value of 9.8.

How can FUEL CMS 1.4.1 be affected by CVE-2018-16763?

FUEL CMS 1.4.1 can be affected by CVE-2018-16763 if the pages/select/ filter parameter or the preview/ data parameter are exploited for PHP Code Evaluation, enabling Pre-Auth Remote Code Execution.

How to fix CVE-2018-16763?

To fix CVE-2018-16763, it is recommended to update FUEL CMS to version 1.4.2 or later.

Where can I find more information about CVE-2018-16763?

More information about CVE-2018-16763 can be found at the following references: [1](http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html), [2](http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html), [3](http://packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.html)

Vulnerability/
CVE-2018-16763

critical

9.8

CWE

9/9/2018

30/11/2021

CVE-2018-16763

Q: What is CVE-2018-16763?

CVE-2018-16763 is a vulnerability in FUEL CMS 1.4.1 that allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter, leading to Pre-Auth Remote Code Execution.

First published: Sun Sep 09 2018(Updated: )

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
TheDayLightStudio Fuel CMS	<=1.4.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-16763?
CVE-2018-16763 is a vulnerability in FUEL CMS 1.4.1 that allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter, leading to Pre-Auth Remote Code Execution.
What is the severity of CVE-2018-16763?
CVE-2018-16763 has a severity of critical with a severity value of 9.8.
How can FUEL CMS 1.4.1 be affected by CVE-2018-16763?
FUEL CMS 1.4.1 can be affected by CVE-2018-16763 if the pages/select/ filter parameter or the preview/ data parameter are exploited for PHP Code Evaluation, enabling Pre-Auth Remote Code Execution.
How to fix CVE-2018-16763?
To fix CVE-2018-16763, it is recommended to update FUEL CMS to version 1.4.2 or later.
Where can I find more information about CVE-2018-16763?
More information about CVE-2018-16763 can be found at the following references: [1](http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html), [2](http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html), [3](http://packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.html)

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/tags
agent/type
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/thedaylightstudio
canonical/thedaylightstudio fuel cms
version/thedaylightstudio fuel cms/1.4.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.