CVE-2026-30458

Critical CVSS: 9.1

An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.

Vendor

Product

CWE

Yayın Tarihi

2026-03-26 19:17:00

Güncelleme

2026-03-30 14:11:49

Source Identifier

cve@mitre.org

KEV Date Added

CWE-620 Fuel Cms CRITICAL Thedaylightstudio 2026

http://daylight.com http://fuelcms.com https://github.com/daylightstudio/FUEL-CMS https://pentest-tools.com/PTT-2025-025-Account-Takeover-via-Email-Array.pdf

High

CVE-2026-30463

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php co…

Critical

CVE-2026-30457

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via…

Medium

CVE-2024-57605

Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the…