01642 06 11 11 Arrange Call

SQL Injection Vulnerability in FUEL CMS 1.4.11 via 'name' Parameter in /fuel/permissions/create/

CVE-2020-26045 · CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-26045

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.