CVE-2020-17463

Name of the Vulnerable Software and Affected Versions FUEL CMS version 1.4.7

Description The issue is related to a lack of protection in the SQL query structure, allowing for SQL injection. This can be exploited via the col parameter in API endpoints such as "/pages/items", "/permissions/items", or "/navigation/items". The exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For FUEL CMS version 1.4.7, as a temporary workaround, consider restricting access to the vulnerable API endpoints "/pages/items", "/permissions/items", and "/navigation/items" to minimize the risk of exploitation. Avoid using the col parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.