CVE-2020-26167


by colinelacatena

Abstract Advisory Information

An issue was discovered in fuelcms before version 11.4.13, where the page preview feature allows an anonymous user to take complete ownership of any account, including an administrator account.

Authors: Dominique Righetto

Version affected

Name: fuelcms
Versions: 11.4.12 and before

Common Vulnerability Scoring System

9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Patches

Already available

Vulnerability Disclosure Timeline

20/09/2020: Vulnerability discovered
29/09/2020: Daylight Studio is notified of the issue
29/09/2020: Daylight Studio acknowledgment
30/09/2020: CVE ID requested from MITRE
30/09/2020: CVE ID Assigned by MITRE
30/09/2020: Private disclosure
02/11/2020: Planned public disclosure
