Every CVE whose affected-product data names Qianfox Foxcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-45238 — CVSS 9.1 (critical): foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.
CVE-2025-45240 — CVSS 6.5 (medium): foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.
CVE-2024-12900 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file…
CVE-2025-6094 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope…
CVE-2025-7568 — CVSS 6.3 (medium): A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file…
CVE-2025-51650 — CVSS 5.6 (medium): An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary…
CVE-2025-45239 — CVSS 5.3 (medium): An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
CVE-2024-12901 — CVSS 5.3 (medium): A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the…
CVE-2025-2653 — CVSS 4.3 (medium): A vulnerability was found in FoxCMS 1.25 and classified as problematic. Affected by this issue is some unknown functionality. The…
CVE-2025-11306 — CVSS 4.3 (medium): A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search…