CVE-2026-30459
- EPSS 0.04%
- Veröffentlicht 16.04.2026 00:00:00
- Zuletzt bearbeitet 17.04.2026 15:38:09
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.
CVE-2026-30461
- EPSS 0.23%
- Veröffentlicht 15.04.2026 00:00:00
- Zuletzt bearbeitet 17.04.2026 15:09:46
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.
CVE-2026-30460
- EPSS 0.02%
- Veröffentlicht 07.04.2026 00:00:00
- Zuletzt bearbeitet 09.04.2026 21:16:07
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.
CVE-2026-30457
- EPSS 0.09%
- Veröffentlicht 26.03.2026 00:00:00
- Zuletzt bearbeitet 30.03.2026 14:11:06
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
CVE-2026-30458
- EPSS 0.04%
- Veröffentlicht 26.03.2026 00:00:00
- Zuletzt bearbeitet 30.03.2026 14:11:49
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
CVE-2026-30463
- EPSS 0.04%
- Veröffentlicht 26.03.2026 00:00:00
- Zuletzt bearbeitet 30.03.2026 14:14:29
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
CVE-2024-57605
- EPSS 0.2%
- Veröffentlicht 12.02.2025 22:15:41
- Zuletzt bearbeitet 09.07.2025 15:03:30
Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.