← voltar
CVE-2018-16763

CVE-2018-16763

EPSS 82.9%◆ VulnCheck KEV
Vexday Risk Score
84Corrigir agora
Decisão SSVC (CISA)
Act
Exploração + impacto → ação imediata
Maturidade do exploit
Exploit funcional
PoC popular no GitHub (25 estrelas) — código de exploração amplamente disponível.
CVSS EPSS 82.9%KEV nãoPoC públicaNuclei simMetasploit Patch
Ciclo de vida
09 set 2018Publicada no NVD
26 mar 2020PoC pública
Velocidade de armamento
563 diasaté o primeiro PoC
Recomendação: Corrigir o quanto antes — há exploração ativa confirmada.
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Produtos afetados
n/a · n/a
PoCs públicas encontradas46
githubgithub.com/p0dalirius/CVE-2018-16763-FuelCMS-1.4.1-RCE25githubgithub.com/altsun/CVE-2018-16763-FuelCMS-1.4.1-RCE5githubgithub.com/padsalatushal/CVE-2018-167635githubgithub.com/n3m1sys/CVE-2018-16763-Exploit-Python34githubgithub.com/shoamshilo/Fuel-CMS-Remote-Code-Execution-1.4--RCE--3githubgithub.com/hikarihacks/CVE-2018-16763-exploit2githubgithub.com/kxisxr/Bash-Script-CVE-2018-167632githubgithub.com/h3x0v3rl0rd/CVE-2018-167632githubgithub.com/not1cyyy/CVE-2018-167632githubgithub.com/dinhbaouit/CVE-2018-167631githubgithub.com/kaxm23/exploit_cms_fuel1githubgithub.com/saccles/CVE_2018_16763_Proof_of_Concept0githubgithub.com/antisecc/CVE-2018-167630githubgithub.com/VitoBonetti/CVE-2018-167630githubgithub.com/ArtemCyberLab/Project-Exploiting-a-Vulnerability-in-Fuel-CMS-CVE-2018-16763-0githubgithub.com/bad-c0de/CVE-2018-16763_FuelCMS-1.4.1_RCE0githubgithub.com/Cyberuser-hash/CVE-2018-167630githubgithub.com/estebanzarate/CVE-2018-16763-Fuel-CMS-1.4.1-Remote-Code-Execution-PoC0githubgithub.com/uwueviee/Fu3l-F1lt3r0githubgithub.com/SOME-1HING/CVE-2018-167630githubgithub.com/wizardy0ga/THM-Vulnerability_Capstone-CVE-2018-167630githubgithub.com/BrunoPincho/cve-2018-16763-rust0vulncheckvulncheck.com/xdb/2cc8e2b339cenão verificadocve_referencepacketstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.htmlnão verificadovulncheckvulncheck.com/xdb/d8052370d9c1não verificadocve_referencepacketstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.htmlnão verificadocve_referencewww.exploit-db.com/exploits/47138não verificadoexploitdbwww.exploit-db.com/exploits/49487não verificadoexploitdbwww.exploit-db.com/exploits/50477não verificadovulncheckvulncheck.com/xdb/7736671df5bfnão verificadovulncheckvulncheck.com/xdb/df65f1b13b31não verificadovulncheckvulncheck.com/xdb/cb5e6b86473fnão verificadovulncheckvulncheck.com/xdb/a398ae86c529não verificadovulncheckvulncheck.com/xdb/a3b720e793f2não verificadovulncheckvulncheck.com/xdb/b674975802b1não verificadovulncheckvulncheck.com/xdb/8115b3c12826não verificadovulncheckvulncheck.com/xdb/51d3142a58d1não verificadovulncheckvulncheck.com/xdb/1c8a5d144848não verificadovulncheckvulncheck.com/xdb/37ad2c898d17não verificadovulncheckvulncheck.com/xdb/02a33f79c86dnão verificadovulncheckvulncheck.com/xdb/082d110fb6b3não verificadovulncheckvulncheck.com/xdb/0b231ab59595não verificadovulncheckvulncheck.com/xdb/7cb6e21c3a23não verificadovulncheckvulncheck.com/xdb/1a09e5d73453não verificadovulncheckvulncheck.com/xdb/b100cd8906f7não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.