Lucene search
+L
QianfoxFoxcms

10 matches found

CVE
CVE
added 2024/12/23 2:0 a.m.98 views

CVE-2024-12901

FoxCMS up to version 1.2 is affected by a critical issue in the API Endpoint, specifically in /app/api/controller/Site.php, where manipulating the password argument leads to improper authorization. The vulnerability enables remote exploitation, and the exploit has been publicly disclosed. Multipl...

6.9CVSS5.5AI score0.006EPSS
Web
CVE
CVE
added 2025/06/15 10:31 p.m.66 views

CVE-2025-6094

FoxCMS (versions up to 1.2.5) contains a SQL injection in the batchCope function of app/admin/controller/Download.php, triggered by manipulating the ids parameter. The vulnerability allows remote exploitation and has publicly disclosed exploits. Publicly available advisories (e.g., PT-2025-25506)...

8.8CVSS6.7AI score0.0037EPSS
CVE
CVE
added 2025/03/23 3:31 p.m.63 views

CVE-2025-2653

FoxCMS 1.25 is affected by CVE-2025-2653, which is described as an improper authorization vulnerability that can be exploited remotely. The connected sources consistently reference FoxCMS 1.25 and indicate a remote-attack vector with unknown details about the exact vulnerable component or entry p...

5.3CVSS4.7AI score0.00303EPSS
CVE
CVE
added 2025/05/05 12:0 a.m.59 views

CVE-2025-45238

FoxCMS v1.2.5 is affected by an arbitrary file deletion vulnerability via the delRestoreSerie method. The issue stems from the delRestoreSerie functionality and can lead to deletion of arbitrary files, as described across multiple sources (including Red Hat and PT Security advisories). The vulner...

9.1CVSS7.2AI score0.00566EPSS
CVE
CVE
added 2025/05/05 12:0 a.m.58 views

CVE-2025-45239

FoxCMS v2.0.6 contains a vulnerability in the restores method of DataBackup.php that allows a directory traversal attack. The issue stems from improper handling in the restores logic, enabling access to filesystem paths beyond the intended directory. Documented impact is limited to information ex...

5.3CVSS6.8AI score0.00702EPSS
CVE
CVE
added 2025/05/05 12:0 a.m.54 views

CVE-2025-45240

FoxCMS v1.2.5 contains a SQL injection vulnerability in the executeCommand method of DataBackup.php (CVE-2025-45240). Affects foxcms 1.2.5; impact described as likely SQL injection with low to moderate confidentiality/integity impact and no availability impact per CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:...

6.5CVSS8.5AI score0.00258EPSS
CVE
CVE
added 2024/12/23 1:31 a.m.50 views

CVE-2024-12900

FoxCMS CVE-2024-12900 affects the Configuration File Handler’s /install/installdb.php. The root cause is manipulation of the database password argument, enabling code injection. The vulnerability is exploitable remotely and has public disclosures. Affected versions are FoxCMS up to 1.2; PT-Securi...

9.8CVSS7AI score0.00696EPSS
Web
CVE
CVE
added 2025/07/14 12:0 a.m.33 views

CVE-2025-51650

FoxCMS v1.2.6 has an arbitrary file upload vulnerability in the /controller/PicManager.php component that allows code execution via a crafted template file. The CVE is CVE-2025-51650. A PoC is indicated in the vulnerability metrics, suggesting exploit guidance exists. Impact is limited to remote ...

5.6CVSS8AI score0.00271EPSS
CVE
CVE
added 2025/07/14 3:32 a.m.24 views

CVE-2025-7568

FoxCMS up to version 1.2.5 is affected by a SQL injection in the batchCope function of app/admin/controller/Video.php. The vulnerability arises from manipulating the ids argument, allowing remote exploitation. The issue has been publicly disclosed and is not confirmed as fixed; vendor response st...

8.8CVSS6.8AI score0.00379EPSS
CVE
CVE
added 2025/10/05 10:2 p.m.15 views

CVE-2025-11306

FoxCMS (qianfox) up to version 1.2 contains a cross-site scripting flaw in the Search Page component, specifically in /index.php/Search where manipulation of the keyword parameter enables remote exploitation. Multiple sources (NVD, Red Hat, EUVD, CVE lists, and vendor/information aggregators) con...

6.1CVSS5.3AI score0.00316EPSS
Web