An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the “id” and “fuel_id” parameters.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23722
Reference (s):
- https://github.com/daylightstudio/FUEL-CMS/issues/560