CVE-2020-26167
First published: Wed Nov 04 2020(Updated: )
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TheDayLightStudio Fuel CMS | <=1.4.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-26167?
CVE-2020-26167 is a vulnerability in FUEL CMS 11.4.12 and earlier that allows an anonymous user to take complete ownership of any account, including an administrator one.
What is the severity of CVE-2020-26167?
CVE-2020-26167 has a severity rating of 9.8, which is considered critical.
How does CVE-2020-26167 affect FUEL CMS?
CVE-2020-26167 allows an anonymous user to gain complete ownership of any account in FUEL CMS, including administrator accounts.
Which version of FUEL CMS is affected by CVE-2020-26167?
FUEL CMS version 11.4.12 and earlier are affected by CVE-2020-26167.
How can I fix CVE-2020-26167?
To fix CVE-2020-26167, you should update FUEL CMS to a version newer than 11.4.12.
- collector/nvd-index
- vendor/thedaylightstudio
- canonical/thedaylightstudio fuel cms
- version/thedaylightstudio fuel cms/1.4.12