GCVE - cpe:2.3:a:n/a:foxcms:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:foxcms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Foxcms (`6e8daf2f-fbfa-50f6-935b-73cbbc459a51`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2653`	vulnerable	2026-06-08 07:16:57.980303	FoxCMS improper authorization MEDIUM (4.3) A vulnerability was found in FoxCMS 1.25 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-23T15:31:10.397Z Updated: 2025-03-24T12:18:51.439Z Open on db.gcve.eu Reference links https://vuldb.com/?id.300668 https://vuldb.com/?ctiid.300668 https://vuldb.com/?submit.519927 https://www.yuque.com/yuqueyonghuveuwuh/aveeid/nvg6rd3qw1ww83yo?singleDoc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10251`	vulnerable	2026-06-08 07:02:26.509081	FoxCMS Images.php batchCope sql injection MEDIUM (6.3) A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-09-11T13:02:06.501Z Updated: 2025-09-11T13:33:52.704Z Open on db.gcve.eu Reference links https://vuldb.com/?id.323611 https://vuldb.com/?ctiid.323611 https://vuldb.com/?submit.642476 https://github.com/ueh1013/VULN/issues/3	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12901`	vulnerable	2026-06-08 06:25:36.307616	FoxCMS API Endpoint Site.php improper authorization MEDIUM (5.3) A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2024-12-23T02:00:12.678Z Updated: 2024-12-24T02:03:30.493Z Open on db.gcve.eu Reference links https://vuldb.com/?id.289171 https://vuldb.com/?ctiid.289171 https://vuldb.com/?submit.467703 https://note.zhaoj.in/share/8l4RPA2zcxRr	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12900`	vulnerable	2026-06-08 06:25:36.305339	FoxCMS Configuration File installdb.php code injection MEDIUM (6.3) A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2024-12-23T01:31:05.891Z Updated: 2024-12-24T02:05:11.393Z Open on db.gcve.eu Reference links https://vuldb.com/?id.289170 https://vuldb.com/?ctiid.289170 https://vuldb.com/?submit.467658 https://note.zhaoj.in/share/iDCwOv9vfDTI	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.