First published: Thu Sep 09 2021
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | =1.5.0 | |
CVE-2021-38727 is a SQL Injection vulnerability in FUEL CMS 1.5.0.
CVE-2021-38727 has a severity rating of 9.8 (Critical).
CVE-2021-38727 is triggered when an attacker supplies a specially crafted 'col' parameter to the /fuel/index.php/fuel/logs/items endpoint to inject malicious SQL code.
FUEL CMS 1.5.0 is the only affected version of the software.
The Common Weakness Enumeration (CWE) for CVE-2021-38727 is CWE-89 (SQL Injection).