← Zuruck zu CVEs
CVE-2020-26167
CRITICAL9.8
Beschreibung
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht11/4/2020
Zuletzt geandert5/30/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
thedaylightstudio:fuel_cms
Referenzen
https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-26167(cve@mitre.org)
https://github.com/daylightstudio/FUEL-CMS/(cve@mitre.org)
https://thedaylightstudio.com/(cve@mitre.org)
https://www.getfuelcms.com/(cve@mitre.org)
https://excellium-services.com/cert-xlm-advisory/cve-2020-26167/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/daylightstudio/FUEL-CMS/(af854a3a-2127-422b-91ae-364da2661108)
https://thedaylightstudio.com/(af854a3a-2127-422b-91ae-364da2661108)
https://www.getfuelcms.com/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.