CVE-2019-15229: CSRF
First published: Tue Aug 20 2019(Updated: )
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TheDayLightStudio Fuel CMS | <=1.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15229?
CVE-2019-15229 is a vulnerability found in FUEL CMS 1.4.4 that allows for CSRF attacks in the blocks/create section of the Admin console.
How does CVE-2019-15229 affect FUEL CMS?
CVE-2019-15229 allows an attacker to trick the administrator into executing arbitrary code via a specially crafted HTML page.
What is the severity of CVE-2019-15229?
CVE-2019-15229 has a severity rating of 8.8 (high).
How can I fix CVE-2019-15229?
To fix CVE-2019-15229, it is recommended to upgrade to a version of FUEL CMS that does not have this vulnerability.
Where can I find more information about CVE-2019-15229?
More information about CVE-2019-15229 can be found in the GitHub issue and the Seven Layers website.
- collector/nvd-index
- agent/references
- agent/type
- vendor/thedaylightstudio
- canonical/thedaylightstudio fuel cms
- version/thedaylightstudio fuel cms/1.4.4