First published: Sun Sep 09 2018(Updated: )
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | <=1.4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-16763 is a vulnerability in FUEL CMS 1.4.1 that allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter, leading to Pre-Auth Remote Code Execution.
CVE-2018-16763 has a severity of critical with a severity value of 9.8.
FUEL CMS 1.4.1 can be affected by CVE-2018-16763 if the pages/select/ filter parameter or the preview/ data parameter are exploited for PHP Code Evaluation, enabling Pre-Auth Remote Code Execution.
To fix CVE-2018-16763, it is recommended to update FUEL CMS to version 1.4.2 or later.
More information about CVE-2018-16763 can be found at the following references: [1](http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html), [2](http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html), [3](http://packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.html)