CVE-2025-51650

Medium CVSS: 5.6

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.

Vendor

Qianfox

Product

Foxcms

CWE

CWE-77

Yayın Tarihi

2025-07-14 17:15:33

Güncelleme

2025-07-15 16:57:46

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Foxcms MEDIUM Qianfox 2025

Referanslar

https://github.com/Y4y17/Foxcms/blob/main/Foxcms%20%3C%3D%20v1.2.6%20RCE.md

Benzer Kayıtlar

Medium

CVE-2025-11306

A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the…

Medium

CVE-2025-7568

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function ba…

Medium

CVE-2025-6094

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the…

Critical

CVE-2025-45238

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

Medium

CVE-2025-45239

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.

Medium

CVE-2025-45240

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.