Daylight Studio FUEL-CMS SQLi Vulnerability
High severity
GitHub Reviewed
Published
Aug 11, 2023
to the GitHub Advisory Database
•
Updated Nov 9, 2023
Description
Published by the National Vulnerability Database
Aug 11, 2023
Published to the GitHub Advisory Database
Aug 11, 2023
Reviewed
Aug 11, 2023
Last updated
Nov 9, 2023
SQL Injection vulnerability in file
Base_module_model.php
in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via thecol
parameter to functionlist_items
.References