CVE-2020-24950

Description

SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

Related CPE's

a thedaylightstudio fuel_cms 1.4.9 *******

References

https://github.com/daylightstudio/FUEL-CMS/issues/562

ExploitVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io