FoxCMS 漏洞列表

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.

bloofoxCMS contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.

FoxCMS是中国黔狐（FoxCMS）公司的一套可免费商用开源的内容管理系统。 FoxCMS 1.2.5及之前版本存在注入漏洞，该漏洞源于文件app/admin/controller/Download.php中参数ids的错误操作导致SQL注入。

FoxCMS是一套可免费商用开源的内容管理系统，采用PHP+MySQL架构。内置企业常用的内容模型，如单页、文章、产品、图集、视频、反馈、下载等，并配备丰富的模板标签及强大的SEO和伪静态优化机制。FOXCMS黔狐内容管理系统存在服务参数注入漏洞，攻击者可利用该漏洞获取服务器控制权。