First published: Fri Feb 03 2023(Updated: )
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | =1.4.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-36570 is a Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 that allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
CVE-2021-36570 has a severity score of 8.8, which is considered high.
CVE-2021-36570 affects FUEL-CMS version 1.4.13.
To fix the Cross Site Request Forgery vulnerability in FUEL-CMS, update to a version that is not affected by the vulnerability.
You can find more information about CVE-2021-36570 at the following reference: https://github.com/daylightstudio/FUEL-CMS/issues/579