Fuel Interactive · Fuel Cms · CVE-2018-16762
**Name of the Vulnerable Software and Affected Versions**
FUEL CMS version 1.4.1
**Description**
The issue allows SQL Injection via the `layout`, `published`, or `search term` parameter to pages/items.
**Recommendations**
For FUEL CMS version 1.4.1, consider restricting access to the vulnerable parameters `layout`, `published`, and `search term` in the pages/items endpoint until a patch is available.