CVE-2025-45239

Medium CVSS: 5.3

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.

Vendor

Product

CWE

Yayın Tarihi

2025-05-05 18:15:43

Güncelleme

2025-06-12 17:34:08

Source Identifier

cve@mitre.org

KEV Date Added

CWE-22 Foxcms MEDIUM Qianfox 2025

https://gist.github.com/chao112122/350e1af42ccea185206f8a8b9e4906e1 https://gitee.com/qianfox/foxcms/tree/V1.2.5/

Medium

CVE-2025-11306

A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the…

Medium

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to…

Medium

CVE-2025-7568

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function ba…

Medium

CVE-2025-6094

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the…

Critical

CVE-2025-45238

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

Medium

CVE-2025-45240

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.