Product
foxcms
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-12920
CVE-2025-11306
CVE-2025-10251
CVE-2025-56630
CVE-2025-56435
CVE-2025-55422
CVE-2025-55409
CVE-2025-55420
CVE-2025-50692
CVE-2025-51650
CVE-2025-7568
CVE-2025-6094
CVE-2025-46154
CVE-2025-5155
CVE-2025-45239
CVE-2025-45238
CVE-2025-45240
CVE-2025-29181
CVE-2025-29180
CVE-2025-29306
CVE-2025-2653
CVE-2025-25790
CVE-2025-25789
CVE-2024-12901
CVE-2024-12900
<= 1.2.16
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admi
<= 1.2
A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component
<= 1.24
A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/control
<= 1.2.5
FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file
<= 1.2.6
SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the file /DataBack
all versions
In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.
all versions
In FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code
all versions
A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a
<= 1.2.6
FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.
<= 1.2.6
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute ar
<= 1.2.5
A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of
<= 1.2.5
A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function b
all versions
Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.
all versions
A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function
all versions
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
all versions
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.
all versions
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.
<= 1.25
FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.
<= 1.25
In FOXCMS <=1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The url_prefix, domain, and my_webs
< 1.2
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html componen
all versions
A vulnerability was found in FoxCMS 1.25 and classified as problematic. Affected by this issue is some unknown functionality. The
all versions
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute
all versions
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.
<= 1.2
A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality o
<= 1.2
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/in