Vulnerabilities (CVE)

Filtered by vendor Foxcms Subscribe
Filtered by product Foxcms
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-29180 1 Foxcms 1 Foxcms 2025-04-23 N/A 7.2 HIGH
In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.
CVE-2025-29181 1 Foxcms 1 Foxcms 2025-04-23 N/A 7.2 HIGH
FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.
CVE-2025-29306 1 Foxcms 1 Foxcms 2025-04-11 N/A 9.8 CRITICAL
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
CVE-2025-25789 1 Foxcms 1 Foxcms 2025-04-09 N/A 9.8 CRITICAL
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.
CVE-2025-25790 1 Foxcms 1 Foxcms 2025-04-09 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.