Filtered by vendor Foxcms
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29180 | 1 Foxcms | 1 Foxcms | 2025-04-23 | 7.2 High |
| In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering. | ||||
| CVE-2025-29181 | 1 Foxcms | 1 Foxcms | 2025-04-23 | 7.2 High |
| FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php. | ||||
| CVE-2025-29306 | 1 Foxcms | 1 Foxcms | 2025-04-11 | 9.8 Critical |
| An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. | ||||
| CVE-2025-25789 | 1 Foxcms | 1 Foxcms | 2025-04-09 | 9.8 Critical |
| FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php. | ||||
| CVE-2025-25790 | 1 Foxcms | 1 Foxcms | 2025-04-09 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file. | ||||
Page 1 of 1.