← Volver a CVEs
CVE-2020-26167
CRITICAL9.8
Descripcion
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/4/2020
Ultima modificacion5/30/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
thedaylightstudio:fuel_cms
Referencias
https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-26167(cve@mitre.org)
https://github.com/daylightstudio/FUEL-CMS/(cve@mitre.org)
https://thedaylightstudio.com/(cve@mitre.org)
https://www.getfuelcms.com/(cve@mitre.org)
https://excellium-services.com/cert-xlm-advisory/cve-2020-26167/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/daylightstudio/FUEL-CMS/(af854a3a-2127-422b-91ae-364da2661108)
https://thedaylightstudio.com/(af854a3a-2127-422b-91ae-364da2661108)
https://www.getfuelcms.com/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.