Qianfox

Foxcms

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-12920

Exploit
  • EPSS 0.06%
  • Veröffentlicht 09.11.2025 23:15:46
  • Zuletzt bearbeitet 26.11.2025 15:28:00

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiat...

6.1

CVE-2025-11306

  • EPSS 0.02%
  • Veröffentlicht 05.10.2025 22:15:32
  • Zuletzt bearbeitet 07.10.2025 17:06:09

A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search Page. The manipulation of the argument keyword results in cross site scripting. The attack can be executed remot...

8.8

CVE-2025-7568

Exploit
  • EPSS 0.04%
  • Veröffentlicht 14.07.2025 03:32:04
  • Zuletzt bearbeitet 15.07.2025 18:31:09

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to sql injection. It is possible to...

5.6

CVE-2025-51650

Exploit
  • EPSS 0.12%
  • Veröffentlicht 14.07.2025 00:00:00
  • Zuletzt bearbeitet 15.07.2025 16:57:46

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.

8.8

CVE-2025-6094

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.06.2025 22:31:05
  • Zuletzt bearbeitet 16.07.2025 17:00:11

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The...

6.5

CVE-2025-45240

Exploit
  • EPSS 0.2%
  • Veröffentlicht 05.05.2025 00:00:00
  • Zuletzt bearbeitet 12.06.2025 17:44:27

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.

9.1

CVE-2025-45238

Exploit
  • EPSS 1.94%
  • Veröffentlicht 05.05.2025 00:00:00
  • Zuletzt bearbeitet 12.06.2025 17:39:05

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

5.3

CVE-2025-45239

Exploit
  • EPSS 0.3%
  • Veröffentlicht 05.05.2025 00:00:00
  • Zuletzt bearbeitet 12.06.2025 17:34:08

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.

4.3

CVE-2025-2653

  • EPSS 0.17%
  • Veröffentlicht 23.03.2025 15:31:10
  • Zuletzt bearbeitet 16.07.2025 15:04:44

A vulnerability was found in FoxCMS 1.25 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the...

6.9

CVE-2024-12901

  • EPSS 0.14%
  • Veröffentlicht 23.12.2024 02:15:06
  • Zuletzt bearbeitet 15.07.2025 20:15:14

A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads t...