Vulnerabilities
Vulnerable Software
Foxcms:  >> Foxcms  >> 1.2.1  Security Vulnerabilities
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
1.9
EPSS Score
0.003
Published
2025-11-09
A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.1
EPSS Score
0.003
Published
2025-09-11
FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file.
CVSS Score
7.3
EPSS Score
0.002
Published
2025-09-08
SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file /DataBackup.php and the operation on the parameter id.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-09-03
FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-08-07
FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2025-04-17
In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.
CVSS Score
7.2
EPSS Score
0.003
Published
2025-04-17


Contact Us

Shodan ® - All rights reserved