FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
RCE
PHP
Fuel Cms
NVD
GitHub
Exploit-DB
CVSS 3.1
9.8
EPSS
82.9%
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
SQLi
Fuel Cms
NVD
GitHub
CVSS 3.0
9.8
EPSS
1.4%