CVE Catalog

CVE-2026-30457

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.71%

49th percentile - higher than 49% of all known CVEs

Summary

A vulnerability in the /parser/dwoo component of FuelCMS v1.5.2 allows attackers to execute arbitrary PHP code via crafted input.

Risk Assessment

An attacker can take over the server, steal data, or install malware, leading to full system compromise.

Recommendation

Immediately update FuelCMS to the latest version or apply available security patches, and restrict access to the /parser/dwoo component.

Original NVD description (English source)

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS