Arbitrary Code Execution via SQL Injection in Daylight Studio FUEL-CMS 1.4.9

Arbitrary Code Execution via SQL Injection in Daylight Studio FUEL-CMS 1.4.9

CVE-2020-24950 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

Learn more about our Cms Pen Testing.