PT-2019-14026 · Fuel Cms · Fuel Cms
Sevenlayersinc
·
Published
2019-08-19
·
Updated
2019-08-26
·
CVE-2019-15229
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FUEL CMS version 1.4.4
Description
The issue allows an attacker to trick the administrator into executing arbitrary code via a specially crafted HTML page, due to CSRF in the blocks/create/ Create Blocks section of the Admin console.
Recommendations
For FUEL CMS version 1.4.4, as a temporary workaround, consider disabling access to the blocks/create/ Create Blocks section of the Admin console until a patch is available. Restrict access to this section to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fuel Cms