CVE Catalog
CVE-2026-30457
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.71%
49th percentile - higher than 49% of all known CVEs
Summary
A vulnerability in the /parser/dwoo component of FuelCMS v1.5.2 allows attackers to execute arbitrary PHP code via crafted input.
Risk Assessment
An attacker can take over the server, steal data, or install malware, leading to full system compromise.
Recommendation
Immediately update FuelCMS to the latest version or apply available security patches, and restrict access to the /parser/dwoo component.
Original NVD description (English source)
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.

