First published: Tue Jan 05 2021(Updated: )
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | =1.4.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-26045 is a vulnerability in FUEL CMS 1.4.11 that allows SQL Injection via the 'name' parameter in /fuel/permissions/create/.
CVE-2020-26045 has a severity rating of critical (9.8).
Exploiting CVE-2020-26045 could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
FUEL CMS version 1.4.11 is affected by CVE-2020-26045.
To fix CVE-2020-26045, update to a version of FUEL CMS that is not affected by the vulnerability.