Vulnerability in N/a
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
EPSS: 0.939 (99.9th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- p0dalirius/CVE-2018-16763-FuelCMS-1.4.1-RCE
- altsun/CVE-2018-16763-FuelCMS-1.4.1-RCE
- padsalatushal/CVE-2018-16763
- n3m1sys/CVE-2018-16763-Exploit-Python3
- shoamshilo/Fuel-CMS-Remote-Code-Execution-1.4--RCE--
- h3x0v3rl0rd/CVE-2018-16763
- not1cyyy/CVE-2018-16763
- kxisxr/Bash-Script-CVE-2018-16763
- hikarihacks/CVE-2018-16763-exploit
- kaxm23/exploit_cms_fuel
References
- github.com/daylightstudio/FUEL-CMS/issues/478 (x_refsource_MISC)
- 0xd0ff9.wordpress.com/2019/07/19/from-code-evaluation-to-pre-auth-remote-code-e… (x_refsource_MISC)
- 47138 (exploit, x_refsource_EXPLOIT-DB)
- packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html (x_refsource_MISC)
- packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html (x_refsource_MISC)
- packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-16763?
- CVE-2018-16763 is a vulnerability in N/a. Published 2018-09-09.
- Is CVE-2018-16763 known to be exploited?
- 72 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.