PT-2020-16324 · Fuel Cms · Fuel Cms
Dominique Righetto · Published 2020-11-04 · Updated 2021-07-21 · CVE-2020-26167
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FUEL CMS versions 11.4.12 and earlier
Description
The page preview feature in FUEL CMS allows an anonymous user to take complete ownership of any account, including an administrator account.
Recommendations
For versions 11.4.12 and earlier, as a temporary workaround, consider disabling the page preview feature until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Fuel Cms