CVE-2018-16763

Name of the Vulnerable Software and Affected Versions FUEL CMS version 1.4.1

Description The issue allows for PHP code evaluation, potentially leading to pre-authentication remote code execution. This can be achieved via the filter parameter in the "pages/select/" endpoint or the data parameter in the "preview/" endpoint.

Recommendations For FUEL CMS version 1.4.1, consider restricting access to the pages/select/ and preview/ endpoints to minimize the risk of exploitation. Avoid using the filter and data parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.