First published: Fri Aug 11 2023(Updated: )
SQL Injection vulnerability in file `Base_module_model.php` in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the `col` parameter to function `list_items`.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | =1.4.9 | |
composer/codeigniter/framework | <=1.4.9 | 1.4.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-24950 is a SQL Injection vulnerability in the file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9.
Remote attackers can exploit CVE-2020-24950 by executing arbitrary code through the 'col' parameter in the function 'list_items'.
CVE-2020-24950 has a severity keyword of 'high' and a severity value of 8.8.
To fix CVE-2020-24950, update to Daylight Studio FUEL-CMS version 1.4.10 or higher.
Yes, you can find more information about CVE-2020-24950 in the references provided: [link1](https://nvd.nist.gov/vuln/detail/CVE-2020-24950), [link2](https://github.com/daylightstudio/FUEL-CMS/issues/562), [link3](https://github.com/daylightstudio/FUEL-CMS/commit/c8d9381d39b1c0f5488cf059ea9aa659ee227da4).