CVE-2021-38727: SQL Injection
First published: Thu Sep 09 2021(Updated: )
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TheDayLightStudio Fuel CMS | =1.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-38727?
CVE-2021-38727 is a SQL Injection vulnerability in FUEL CMS 1.5.0.
How severe is CVE-2021-38727?
CVE-2021-38727 has a severity rating of 9.8 (Critical).
How does CVE-2021-38727 occur?
CVE-2021-38727 occurs when an attacker uses a specially crafted 'col' parameter in the /fuel/index.php/fuel/logs/items endpoint to inject malicious SQL code.
Is FUEL CMS 1.5.0 the only affected version?
Yes, FUEL CMS 1.5.0 is the only affected version of the software.
What is the Common Weakness Enumeration (CWE) for CVE-2021-38727?
The Common Weakness Enumeration (CWE) for CVE-2021-38727 is CWE-89 (SQL Injection).
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/thedaylightstudio
- canonical/thedaylightstudio fuel cms
- version/thedaylightstudio fuel cms/1.5.0