CVE-2018-16763 Scanner
CVE-2018-16763 scanner - Remote Code Execution (RCE) vulnerability in Fuel CMS
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 29 days
Scan only one: URL
Fuel CMS is a popular content management system that has gained a lot of attention for its flexibility, functionality, and ease of use. It provides a wide range of features that make it an ideal choice for website design and development, and developers and businesses use it to create websites, blogs, and online stores. The CMS is open source, which means that it is entirely free to use and customize, and developers can modify the system code according to their requirements.
One of the most recent and severe vulnerabilities discovered in Fuel CMS is CVE-2018-16763. This vulnerability allows pre-authentication remote code execution. It occurs because user input in the filter parameter of pages/select/ is sanitized incorrectly, allowing an attacker to execute arbitrary PHP code. It can also be exploited via the data parameter of preview/, which can be used to store malicious code.
Exploitation of this vulnerability can lead to unauthorized access to systems, data theft, and complete system compromise. Remote code execution vulnerabilities allow actors to run arbitrary code on a victim's system, providing them with complete control and access to all system data. This vulnerability poses a significant threat to the confidentiality, integrity, and availability of the affected system.
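A log-triage check for the two inputs named above, added here as an example and not part of the scanner or of Fuel CMS: it flags access-log requests whose pages/select/ filter or preview/ data query parameter contains characters outside a conservative allow-list. The allow-list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# (path pattern, parameter) pairs for the two inputs this page names.
WATCHED = [
    (re.compile(r"(?:^|/)pages/select(?:/|$)"), "filter"),
    (re.compile(r"(?:^|/)preview(?:/|$)"), "data"),
]

# Assumption: legitimate values are plain identifiers or short text.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_\-., ]*")

# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(line):
    """Return [(param, decoded_value)] for watched params with unsafe values."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    hits = []
    for path_re, param in WATCHED:
        if not path_re.search(url.path):
            continue  # whole path segments only, so /preview-2024 is ignored
        for value in query.get(param, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((param, value))
    return hits

def triage(lines):
    """Map 1-based line number -> hits, for the lines that need review."""
    return {n: h for n, line in enumerate(lines, 1) if (h := suspicious_params(line))}

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /fuel/pages/select/?filter=news HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /fuel/pages/select/?filter=%27CONSTRUCTED%28%29%27 HTTP/1.1" 200 733',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /fuel/preview?data=%3C%3FCONSTRUCTED HTTP/1.1" 200 90',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /blog/preview-2024?data=%3Cb%3E HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for n, hits in triage(SAMPLE_LOG).items():
        print(f"line {n}: {hits}")
```

Only query-string parameters are visible in a standard access log; values sent in a request body need application or WAF logging to be reviewed the same way.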
s4e.io provides enterprise-grade protection against vulnerabilities in digital assets. Their pro features allow users to scan their website and receive detailed reports of any vulnerabilities present. Users can quickly identify and fix any security issues, ensuring that their systems remain secure and protected. In conclusion, being vigilant and taking proactive steps to secure your web applications is essential in today's digital landscape.