thedaylightstudio 漏洞與 CVE 列表(41)

產品(CPE): — CVE 數: 41

thedaylightstudio 漏洞概覽

彙總 thedaylightstudio 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 跨站腳本、SQL 注入與CSRF 相關,可能在 軟體部署與生產負載 場景中帶來 工作階段劫持與資料外洩 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12041 CVE 數
«« 第一頁 « 上一頁 第 1 / 3 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2021-47980 Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays. [email protected] 7.1 0.23% 2026-05-16 2026-06-17
CVE-2026-30459 An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message. [email protected] 7.1 0.31% 2026-04-16 2026-07-05
CVE-2026-30461 Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule. [email protected] 8.3 0.53% 2026-04-15 2026-07-05
CVE-2026-30460 Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. [email protected] 8.8 0.79% 2026-04-07 2026-07-05
CVE-2026-30463 Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component. [email protected] 7.7 0.33% 2026-03-26 2026-07-05
CVE-2026-30458 An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack. [email protected] 9.1 0.41% 2026-03-26 2026-07-05
CVE-2026-30457 An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code. [email protected] 9.8 0.63% 2026-03-26 2026-07-05
CVE-2024-57605 Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. [email protected] 5.4 0.29% 2025-02-12 2026-06-17
CVE-2024-25369 A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter. [email protected] 5.4 0.38% 2024-02-22 2026-06-17
CVE-2020-24950 SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. [email protected] 8.8 1.14% 2023-08-11 2026-06-16
CVE-2020-22153 File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. [email protected] 9.8 1.45% 2023-07-03 2026-06-16
CVE-2020-22152 Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. [email protected] 5.4 0.58% 2023-07-03 2026-06-16
CVE-2020-22151 Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. [email protected] 9.8 1.45% 2023-07-03 2026-06-16
CVE-2023-33557 Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. [email protected] 8.8 0.80% 2023-06-09 2026-06-17
CVE-2021-36570 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. [email protected] 8.8 0.73% 2023-02-03 2026-06-16
CVE-2021-36569 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. [email protected] 8.8 0.43% 2023-02-03 2026-06-16
CVE-2021-44117 A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. [email protected] 8.8 1.34% 2022-06-10 2026-06-17
CVE-2022-28599 A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack. [email protected] 5.4 0.54% 2022-05-03 2026-06-17
CVE-2022-27156 Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. [email protected] 5.4 0.47% 2022-04-11 2026-06-17
CVE-2021-44607 A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. [email protected] 5.4 0.48% 2022-02-24 2026-06-17
«« 第一頁 « 上一頁 第 1 / 3 頁 下一頁 »
cvelogic Threat Intelligence