← back
CVE-2020-26167

CVE-2020-26167

EPSS 3.5%
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-26167https://excellium-services.com/cert-xlm-advisory/cve-2020-26167/https://github.com/daylightstudio/FUEL-CMS/https://thedaylightstudio.com/https://www.getfuelcms.com/