Qianfox

Foxcms

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2026-9609

Exploit
  • EPSS 0.22%
  • Veröffentlicht 27.05.2026 00:30:12
  • Zuletzt bearbeitet 27.05.2026 14:50:47

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be...

2.4

CVE-2026-9608

Exploit
  • EPSS 0.21%
  • Veröffentlicht 27.05.2026 00:15:11
  • Zuletzt bearbeitet 27.05.2026 14:50:47

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launc...

4.8

CVE-2025-12920

Exploit
  • EPSS 0.28%
  • Veröffentlicht 09.11.2025 23:15:46
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiat...

6.1

CVE-2025-11306

  • EPSS 0.31%
  • Veröffentlicht 05.10.2025 22:15:32
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search Page. The manipulation of the argument keyword results in cross site scripting. The attack can be executed remot...

8.8

CVE-2025-7568

Exploit
  • EPSS 0.38%
  • Veröffentlicht 14.07.2025 03:32:04
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to sql injection. It is possible to...

5.6

CVE-2025-51650

Exploit
  • EPSS 0.27%
  • Veröffentlicht 14.07.2025 00:00:00
  • Zuletzt bearbeitet 15.07.2025 16:57:46

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.

8.8

CVE-2025-6094

Exploit
  • EPSS 0.36%
  • Veröffentlicht 15.06.2025 22:31:05
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The...

6.5

CVE-2025-45240

Exploit
  • EPSS 0.26%
  • Veröffentlicht 05.05.2025 00:00:00
  • Zuletzt bearbeitet 12.06.2025 17:44:27

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.

9.1

CVE-2025-45238

Exploit
  • EPSS 0.57%
  • Veröffentlicht 05.05.2025 00:00:00
  • Zuletzt bearbeitet 12.06.2025 17:39:05

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

5.3

CVE-2025-45239

Exploit
  • EPSS 0.7%
  • Veröffentlicht 05.05.2025 00:00:00
  • Zuletzt bearbeitet 12.06.2025 17:34:08

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.