CVE-2018-16763: CVE-2018-16763

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-16763

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

FUEL CMS 注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

FUEL CMS是一款基于Codelgniter框架的内容管理系统（CMS）。 FUEL CMS 1.4.1版本中的pages/select/页面的‘filter’参数和preview/页面的‘data’参数存在注入漏洞。该漏洞源于用户输入构造命令、数据结构或记录的操作过程中，网络系统或产品缺乏对用户输入数据的正确验证，未过滤或未正确过滤掉其中的特殊元素，导致系统或产品产生解析或解释方式错误。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-16763

#	POC Description	Source Link	Shenlong Link
1	CVE 2018-16763	https://github.com/dinhbaouit/CVE-2018-16763	POC Details
2	This is an updated version of the CVE-2018-16763 for fuelCMS 1.4.1	https://github.com/hikarihacks/CVE-2018-16763-exploit	POC Details
3	None	https://github.com/n3m1dotsys/CVE-2018-16763-Exploit-Python3	POC Details
4	Rust implementation of CVE-2018-16763 with some extra features.	https://github.com/uwueviee/Fu3l-F1lt3r	POC Details
5	A working PoC to CVE-2018-16763	https://github.com/shoamshilo/Fuel-CMS-Remote-Code-Execution-1.4--RCE--	POC Details
6	FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.	https://github.com/kxisxr/Bash-Script-CVE-2018-16763	POC Details
7	Fuel CMS 1.4.1 - Remote Code Execution	https://github.com/padsalatushal/CVE-2018-16763	POC Details
8	A write up on the THM room Vulnerability Capstone & Exploit script for CVE-2018-16763.	https://github.com/wizardy0ga/THM-Vulnerability_Capstone-CVE-2018-16763	POC Details
9	None	https://github.com/crypticdante/CVE-2018-16763	POC Details
10	None	https://github.com/BrunoPincho/cve-2018-16763-rust	POC Details
11	None	https://github.com/NaturalT314/CVE-2018-16763	POC Details
12	Exploit to trigger RCE for CVE-2018-16763 on FuelCMS <= 1.4.1 and interactive shell.	https://github.com/p0dalirius/CVE-2018-16763-FuelCMS-1.4.1-RCE	POC Details
13	CVE-2018-16763 FuelCMS 1.4 Remote Code Execution, this version of FuelCMS is still vulnerable until now	https://github.com/not1cyyy/CVE-2018-16763	POC Details
14	None	https://github.com/antisecc/CVE-2018-16763	POC Details
15	Fuel CMS 1.4.1 - Remote Code Execution - Python 3.x	https://github.com/VitoBonetti/CVE-2018-16763	POC Details
16	None	https://github.com/H3xL00m/CVE-2018-16763	POC Details
17	None	https://github.com/n3ov4n1sh/CVE-2018-16763	POC Details
18	None	https://github.com/n3m1sys/CVE-2018-16763-Exploit-Python3	POC Details
19	None	https://github.com/c0d3cr4f73r/CVE-2018-16763	POC Details
20	None	https://github.com/Sp3c73rSh4d0w/CVE-2018-16763	POC Details
21	None	https://github.com/0xwh1pl4sh/CVE-2018-16763	POC Details
22	None	https://github.com/N3rdyN3xus/CVE-2018-16763	POC Details
23	None	https://github.com/Luigi31415/CVE-2018-16763	POC Details
24	None	https://github.com/NyxByt3/CVE-2018-16763	POC Details
25	None	https://github.com/h3xcr4ck3r/CVE-2018-16763	POC Details
26	None	https://github.com/n3rdh4x0r/CVE-2018-16763	POC Details
27	A Proof-of-Concept (PoC) exploit for CVE-2018-16763 (Fuel CMS - Preauthenticated Remote Code Execution).	https://github.com/saccles/CVE-2018-16763-Proof-of-Concept	POC Details
28	Fuel CMS 1.4.1 - Remote Code Execution	https://github.com/altsun/CVE-2018-16763-FuelCMS-1.4.1-RCE	POC Details
29	None	https://github.com/Kz0x-337/CVE-2018-16763	POC Details
30	A Proof-of-Concept (PoC) exploit for CVE-2018-16763 (Fuel CMS - Preauthenticated Remote Code Execution).	https://github.com/saccles/CVE_2018_16763_Proof_of_Concept	POC Details
31	FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-16763.yaml	POC Details
32	The goal of this project was to conduct a security audit of a blog recently launched by Ackme Support Incorporated, identifying any critical vulnerabilities before the site goes public. The task involved finding a way to remotely execute code and gain access to the target system.	https://github.com/ArtemCyberLab/Project-Exploiting-a-Vulnerability-in-Fuel-CMS-CVE-2018-16763-	POC Details
33	None	https://github.com/h3x0v3rl0rd/CVE-2018-16763	POC Details
34	FuelCMS 1.4.1 Command Injection/Remote Code Execution.	https://github.com/B7T3/CVE-2018-16763_FuelCMS-1.4.1_RCE	POC Details
35	exploit for CVE-2018-16763	https://github.com/Cyberuser-hash/CVE-2018-16763	POC Details
36	Python3 exploit for Fuel CMS 1.4.1 Remote Code Execution (CVE-2018-16763) with Reverse Shell.	https://github.com/kaxm23/exploit_cms_fuel	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-16763

Please Login to view more intelligence information

http://packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.htmlx_refsource_MISC
https://0xd0ff9.wordpress.com/2019/07/19/from-code-evaluation-to-pre-auth-remote-code-execution-cve-2018-16763-bypass/x_refsource_MISC
http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.htmlx_refsource_MISC
https://github.com/daylightstudio/FUEL-CMS/issues/478x_refsource_MISC
https://www.exploit-db.com/exploits/47138exploitx_refsource_EXPLOIT-DB
https://nvd.nist.gov/vuln/detail/CVE-2018-16763

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-16763

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2018-16763

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-16763

III. Intelligence Information for CVE-2018-16763

IV. Related Vulnerabilities

V. Comments for CVE-2018-16763

Leave a comment