Wiz
Vulnerability DatabaseCVE-2020-22153

CVE-2020-22153
Fuel CMS vulnerability analysis and mitigation

Overview

File Upload vulnerability in FUEL-CMS version 1.4.6 allows remote attackers to execute arbitrary code via a crafted PHP file uploaded through the upload parameter in the navigation function. The vulnerability was discovered and disclosed on July 3, 2023 (NVD).

Technical details

The vulnerability is classified with a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue stems from improper validation of uploaded files in the navigation function, specifically related to the upload parameter. The vulnerability is categorized as CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD).

Impact

The vulnerability allows remote attackers to execute arbitrary code on the affected system. Due to its critical severity rating and the ability to execute code remotely without authentication, this vulnerability poses a significant security risk to affected installations (NVD).

Mitigation and workarounds

Users running FUEL-CMS version 1.4.6 should upgrade to a patched version of the software. If immediate upgrading is not possible, it is recommended to implement additional file upload restrictions and validation mechanisms (NVD).

Additional resources

SourceThis report was generated using AI

Related Fuel CMS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2020-22153CRITICAL9.8
  • Fuel CMSFuel CMS
  • cpe:2.3:a:thedaylightstudio:fuel_cms
NoYesJul 03, 2023
CVE-2020-24950HIGH8.8
  • PHPPHP
  • cpe:2.3:a:thedaylightstudio:fuel_cms
NoYesAug 11, 2023
CVE-2024-57605MEDIUM5.4
  • Fuel CMSFuel CMS
  • cpe:2.3:a:thedaylightstudio:fuel_cms
NoNoFeb 12, 2025
CVE-2024-25369MEDIUM5.4
  • Fuel CMSFuel CMS
  • cpe:2.3:a:thedaylightstudio:fuel_cms
NoNoFeb 22, 2024
CVE-2020-22152MEDIUM5.4
  • Fuel CMSFuel CMS
  • cpe:2.3:a:thedaylightstudio:fuel_cms
NoYesJul 03, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo