PT-2025-29490 · Foxcms · Foxcms
Y4Y17 · Published 2025-07-14 · Updated 2025-07-14
CVE-2025-51650
CVSS v3.1: 5.6 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions:
FoxCMS version 1.2.6
Description:
An arbitrary file upload vulnerability exists in the /controller/PicManager.php component. This allows attackers to execute arbitrary code by uploading a crafted template file.
Recommendations:
Update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting file upload permissions to the /controller/PicManager.php component.
Exploit
Fix
RCE
Command Injection
Affected Products
Foxcms