.. / CVE-2020-17463

Exploit for Fuel CMS 1.4.7 - SQL Injection (CVE-2020-17463)

Description:

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Nuclei Template

View the template here CVE-2020-17463.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-17463.yaml
Copy

References:

https://cwe.mitre.org/data/definitions/89.html
https://nvd.nist.gov/vuln/detail/CVE-2020-17463
https://www.exploit-db.com/exploits/48741
https://getfuelcms.com/
http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html