📦 Haxcms Php

CVE-2025-49141 is an OS command injection vulnerability in HAX CMS PHP's gitImportSite functionality. Authenticated attackers can execute arbitrary commands on the backend server by crafting malicious...

HAX CMS versions 11.0.12 and below (NodeJS) and 11.0.7 and below (PHP) lack X-Frame-Options headers, allowing attackers to embed the CMS login page and other sensitive interfaces in iframes. This enab...

This vulnerability in HAXcms backends fails to properly terminate user sessions during logout, allowing attackers to maintain access to authenticated sessions. It affects all users of haxcms-nodejs an...