First published: Wed Nov 04 2020(Updated: )
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | <=1.4.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-26167 is a vulnerability in FUEL CMS 11.4.12 and earlier that allows an anonymous user to take complete ownership of any account, including an administrator one.
CVE-2020-26167 has a severity rating of 9.8, which is considered critical.
CVE-2020-26167 allows an anonymous user to gain complete ownership of any account in FUEL CMS, including administrator accounts.
FUEL CMS version 11.4.12 and earlier are affected by CVE-2020-26167.
To fix CVE-2020-26167, you should update FUEL CMS to a version newer than 11.4.12.