📦 Foxcms

by Foxcms

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-50692

CRITICAL CVSS 9.8 Aug 7, 2025

FoxCMS versions up to 1.2.5 contain a code injection vulnerability in the admin template file editor that allows authenticated attackers to execute arbitrary code on the server. This affects all FoxCM...

CVE-2025-29306

CRITICAL CVSS 9.8 Mar 27, 2025

This vulnerability allows remote attackers to execute arbitrary code on FoxCMS v1.2.5 systems through the case display page in index.html. It affects all deployments of FoxCMS v1.2.5 that have the vul...

CVE-2025-25789

CRITICAL CVSS 9.8 Feb 26, 2025

FoxCMS v1.2.5 contains a critical remote code execution vulnerability in the index() method of the Sitemap controller. This allows unauthenticated attackers to execute arbitrary code on affected syste...

CVE-2025-56630

HIGH CVSS 7.3 Sep 8, 2025

FoxCMS v1.2.5 and earlier contains a SQL injection vulnerability in the column_model parameter of the admin controller. This allows attackers to execute arbitrary SQL commands on the database. All Fox...

CVE-2025-55422

HIGH CVSS 8.8 Aug 27, 2025

FoxCMS 1.2.6 contains a reflected Cross-Site Scripting (XSS) vulnerability in the /index.php/plus endpoint that allows attackers to inject malicious scripts into web pages. This affects all users of F...

CVE-2025-55409

HIGH CVSS 8.8 Aug 25, 2025

FoxCMS 1.2.6 contains a cross-site scripting (XSS) vulnerability in the /index.php/article endpoint that allows attackers to inject and execute malicious JavaScript code. This affects all FoxCMS 1.2.6...

CVE-2025-46154

HIGH CVSS 8.4 Jun 3, 2025

Foxcms v1.25 contains a SQL time-based injection vulnerability in the installdb.php file's dbname parameter. This allows attackers to execute arbitrary SQL queries by manipulating database connection ...

CVE-2025-29181

HIGH CVSS 7.2 Apr 17, 2025

FOXCMS versions up to 1.25 contain a SQL injection vulnerability in the admin panel's field management functionality. Attackers can inject malicious SQL queries through the title parameter, potentiall...

CVE-2025-56435

MEDIUM CVSS 5.3 Sep 3, 2025

A SQL injection vulnerability in FoxCMS v1.2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in /DataBackup.php. This could lead to unauthorized data acces...

CVE-2025-5155

MEDIUM CVSS 6.3 May 25, 2025

This critical SQL injection vulnerability in FoxCMS 1.2.5 allows remote attackers to execute arbitrary SQL commands via the 'ids' parameter in the batchCope function. Attackers can potentially read, m...

CVE-2025-12920

LOW CVSS 2.4 Nov 9, 2025

This is a cross-site scripting (XSS) vulnerability in FoxCMS up to version 1.2.16 that allows attackers to inject malicious scripts via the Title parameter in product add/edit functions. The vulnerabi...