HIGHCVE-2026-30461Published 2026-04-15Modified 2026-04-16CNA mitre

CVE-2026-30461: Daylight Studio FuelCMS v1

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

CVSS v3.1: 8.3
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

References

daylight.com
fuelcms.com
github.com
pentest-tools.com

Metrics