CVE-2020-26167

Sažetak

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.

Reference

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-26167
https://excellium-services.com/cert-xlm-advisory/cve-2020-26167/
https://github.com/daylightstudio/FUEL-CMS/
https://thedaylightstudio.com/
https://www.getfuelcms.com/
https://excellium-services.com/cert-xlm-advisory/cve-2020-26167/
https://github.com/daylightstudio/FUEL-CMS/
https://thedaylightstudio.com/
https://www.getfuelcms.com/

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-05-2025 - 16:15

Objavljeno

04-11-2020 - 17:15