top of page
perceptive_background_267k.jpg

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user v…

Published:

15 april 2026 om 22:00:00

Alert date:

16 april 2026 om 17:02:07

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Identity & Access

A security vulnerability in Daylight Studio FuelCMS version 1.5.2 allows unauthenticated attackers to obtain password reset tokens of victim users through the Forgot Password feature. The attack is carried out by placing a crafted link in a valid email message. This vulnerability enables attackers to potentially gain unauthorized access to user accounts by intercepting or manipulating password reset tokens. The issue affects the authentication mechanism of the content management system and poses a significant risk to user account security.

Technical details

Mitigation steps:

Affected products:

Daylight Studio FuelCMS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-30459
http://daylight.com
http://fuelcms.com
https://github.com/daylightstudio/FUEL-CMS/blob/master/fuel/modules/fuel/controllers/Login.php
https://pentest-tools.com/PTT-2025-029-Password-Reset-Poisoning-via-Host-Header.pdf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page