
CVE-2021-38290

8.1 HIGH

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/lib...

Published: 2021-08-09 · Last updated: 2026-06-17

Severity and scoring

CVSS: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-74

Affected products

Vendor | Product
thedaylightstudio | fuel_cms

Description

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-38727 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items (9.8 CRITICAL)
  • CVE-2021-38725 Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php (5.3 MEDIUM)
  • CVE-2021-38723 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items (8.8 HIGH)
  • CVE-2021-38721 FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability (6.5 MEDIUM)

Same CWE

  • CVE-2026-12223 A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
  • CVE-2026-12219 A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
  • CVE-2026-12206 A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
  • CVE-2026-12197 A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
  • CVE-2026-12188 A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)