246 matches found
CVE-2025-25790
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-25789
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index method at \controller\Sitemap.php...
FoxCMS Security Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS v1.2.5, which is caused by an arbitrary file upload issue in \controller\LocalTemplate.php, where an attacker can upload a crafted Zip file to execute...
CVE-2025-25789
CVE-2025-25789 affects FoxCMS v1.2.5 and is described as a remote code execution (RCE) via the index() method in Sitemap.php. The vulnerability is detailed as a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with NETWORK attack vector, LOW attack complexity, no privileges required, no user intera...
CVE-2025-25790
CVE-2025-25790 discusses an arbitrary file upload vulnerability affecting FoxCMS v1.2.5, specifically in the component path and file \controller\LocalTemplate.php. The issue permits an attacker to execute arbitrary code by uploading a crafted ZIP file. The CVE entry indicates a high-severity impa...
CVE-2024-12901
A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be...
CVE-2024-12900
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...
CVE-2024-12901 FoxCMS API Endpoint Site.php improper authorization
A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be...
CVE-2024-12901
FoxCMS up to version 1.2 is affected by a critical issue in the API Endpoint, specifically in /app/api/controller/Site.php, where manipulating the password argument leads to improper authorization. The vulnerability enables remote exploitation, and the exploit has been publicly disclosed. Multipl...
CVE-2024-12900
FoxCMS CVE-2024-12900 affects the Configuration File Handler’s /install/installdb.php. The root cause is manipulation of the database password argument, enabling code injection. The vulnerability is exploitable remotely and has public disclosures. Affected versions are FoxCMS up to 1.2; PT-Securi...