A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.

References

• http://daylight.com
• http://fuelcms.com
• https://github.com/daylightstudio/FUEL-CMS/blob/master/fuel/modules/fuel/controllers/Blocks.php
• https://pentest-tools.com/PTT-2025-031-Sensitive-File-Read-via-Path-Traversal.pdf
• https://pentest-tools.com/PTT-2025-031-Sensitive-File-Read-via-Path-Traversal.pdf