CVE-2018-16763 Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in Fuel CMS, which affects v. 1.4.1.
Short Info
Level: Critical
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: URL
Parent Category
CVE-2018-16763 Scanner Detail
Fuel CMS is a popular content management system which has gained a lot of attention for its flexibility, functionality, and ease of use. Fuel CMS provides a wide range of features that make it an ideal choice for website design and development. It is used by developers and businesses to create websites, blogs, and online stores. The CMS is open-source, which means that it is entirely free to use and customize, and developers can modify the system code according to their requirements.
One of the most recent and severe vulnerabilities discovered in Fuel CMS is CVE-2018-16763. This vulnerability allows pre-authentication remote code execution. It occurs because user input in the filter parameter of pages/select/ is not sanitized correctly, allowing an attacker to execute arbitrary PHP code. It can also be exploited via the data parameter of preview/, which can be used to store malicious code.
Exploitation of this vulnerability can lead to unauthorized access to systems, data theft, and complete system compromise. Remote code execution vulnerabilities allow actors to run arbitrary code on a victim's system, providing them with complete control and access to all system data. This vulnerability poses a significant threat to the confidentiality, integrity, and availability of the affected system.
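The following Python example is added here and is not part of the scanner or of Fuel CMS: it reviews web server access log lines for requests to the two entry points named above whose filter or data value contains anything beyond plain words. The log format, the allowlist, the function names and the sample lines (including the /fuel/ path prefix) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Entry points named on this page: path fragment -> parameter to inspect.
ENTRY_POINTS = {"pages/select": "filter", "preview": "data"}

# Assumption: legitimate values are plain words; anything else goes to review.
# A leftover '%' (double encoding) is outside the allowlist, so it is flagged too.
SAFE_VALUE = re.compile(r"[\w .,-]*", re.ASCII)

# Assumption: common/combined log format, request field "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def inspect_line(line):
    """Return (path, param, decoded value) if the request needs review, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Normalise so that only whole path segments match, case-insensitively.
    path = "/" + url.path.strip("/").lower() + "/"
    for fragment, param in ENTRY_POINTS.items():
        if f"/{fragment}/" not in path:
            continue
        # parse_qsl percent-decodes once; body parameters never reach access logs.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and not SAFE_VALUE.fullmatch(value):
                return (url.path, key, value)
    return None


def scan(lines):
    """Collect a finding for every log line that needs review."""
    return [hit for hit in map(inspect_line, lines) if hit]


# Constructed sample lines (documentation IP ranges; the /fuel/ prefix is assumed).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /fuel/pages/select/?filter=about HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /fuel/pages/select/?filter=x%28%29%3B HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /fuel/preview/?data=%3C%3Fphp HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /blog/preview-of-2024?data=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for path, param, value in scan(SAMPLE_LOG):
        print(f"review: {path} {param}={value!r}")
```

Only query strings are inspected, so parameters sent in a request body need application or WAF logging to be covered.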
Securityforeveryone.com provides enterprise-grade protection against vulnerabilities in digital assets. Their pro features allow users to scan their website and receive detailed reports of any vulnerabilities present. Users can quickly identify and fix any security issues, ensuring that their systems remain secure and protected. In conclusion, being vigilant and taking proactive steps to secure your web applications is essential in today's digital landscape.