FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.