CVE-2020-26167 Information

Description

In FUEL CMS 11.4.12 and before the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.

Reference

https://excellium-services.com/cert-xlm-advisory/cve-2020-26167/ https://github.com/daylightstudio/FUEL-CMS/ https://thedaylightstudio.com/ https://www.getfuelcms.com/