.. / CVE-2018-16763

Exploit for FUEL CMS 1.4.1 - Remote Code Execution (CVE-2018-16763)

Description:

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.

Nuclei Template

View the template here CVE-2018-16763.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-16763.yaml
Copy

References:

https://www.getfuelcms.com/
https://github.com/daylightstudio/FUEL-CMS/issues/478
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
https://www.exploit-db.com/exploits/47138
https://nvd.nist.gov/vuln/detail/CVE-2018-16763