CVE-2025-45238

Critical CVSS: 9.1

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

Vendor

Product

CWE

Yayın Tarihi

2025-05-05 18:15:43

Güncelleme

2025-06-12 17:39:05

Source Identifier

cve@mitre.org

KEV Date Added

CWE-22 Foxcms CRITICAL Qianfox 2025

https://gist.github.com/chao112122/27010786774f2bb584cc715fb027b95c https://gitee.com/qianfox/foxcms

Medium

CVE-2025-11306

A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the…

Medium

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to…

Medium

CVE-2025-7568

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function ba…

Medium

CVE-2025-6094

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the…

Medium

CVE-2025-45239

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.

Medium

CVE-2025-45240

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.