SQL Injection Vulnerability in FUEL CMS 1.4.8 via 'fuel_replace_id' Parameter

CVE-2020-24791 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.