Thedaylightstudio: community verdicts
7 notable / known-exploited Thedaylightstudio CVEs the community has triaged.
- CVE-2020-17463CRIT 9.8KEVEPSS 90%
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
- CVE-2026-30460HIGH 8.8Real · low riskEPSS 1%
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.
- CVE-2026-30457CRIT 9.8Real · low riskEPSS 1%
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
- CVE-2026-30461HIGH 8.3Real · low riskEPSS 1%
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.
- CVE-2026-30458CRIT 9.1Real · low riskEPSS 0%
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
- CVE-2026-30463HIGH 7.7Real · low riskEPSS 0%
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
- CVE-2026-30459HIGH 7.1Real · low riskEPSS 0%
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.