CVE-2020-17463

CISA KEV

Published December 10, 2021 · Updated April 3, 2026

high

Official Description+

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Affected Products

Vendor	Product
Fuel CMS	Fuel CMS

Patch by 2022-06-10

Check if your systems use any of the affected products listed above.
Apply vendor patches immediately if available.
This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
Monitor vendor advisories for updates and additional mitigations.
Review logs for indicators of compromise related to CVE-2020-17463.