CVE-2020-24950

Name of the Vulnerable Software and Affected Versions Daylight Studio FUEL-CMS version 1.4.9

Description The issue allows remote attackers to execute arbitrary code via the col parameter to the list items function in the Base module model.php file. This enables attackers to inject SQL code, potentially leading to unauthorized data access or modification.

Recommendations For Daylight Studio FUEL-CMS version 1.4.9, consider disabling the list items function in the Base module model.php file until a patch is available. Restrict access to the col parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.