CVE-2021-47980

Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

CVSS 7.1 HIGHEPSS 0.2%CWE-89

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Getfuelcms · Fuel CMS

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/50523no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip https://www.exploit-db.com/exploits/50523 https://www.getfuelcms.com/https://www.vulncheck.com/advisories/fuel-cms-blind-sql-injection-via-col-parameter