QwikSec

Security Database

CVE

CWE

Training

CVE-2020-24791

Published: Mar 10, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/daylightstudio/FUEL-CMS/issues/561

x_refsource_MISC

https://github.com/leerina/vulnerability/blob/master/Fuel%20CMS%201.4.8%20SQLi%20vulnerability.txt

x_refsource_MISC

https://www.exploit-db.com/exploits/48778

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.