FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-04-17
In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-04-17
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
CVSS Score
9.8
EPSS Score
0.604
Published
2025-03-27
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-02-26
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-26