FoxCMS Arbitrary File Upload Vulnerability in LocalTemplate.php Allowing Remote Code Execution
Vulnerability
A vulnerability allowing arbitrary file upload has been identified in FoxCMS version 1.2.5. This issue resides in the LocalTemplate.php component, where attackers can upload a specially crafted Zip file that leads to the execution of arbitrary code.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where FoxCMS is installed.
Reproduction
To reproduce this vulnerability, upload a crafted Zip file through the application's file upload feature. The file should be designed to exploit the arbitrary file upload vulnerability by including malicious code that can be executed on the server.
Remediation
Users are advised to update to FoxCMS version 1.2.6, which includes security enhancements to address this vulnerability.
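The advisory does not show the vulnerable code or the change made in 1.2.6. The following is an added example, not FoxCMS code, of how an upload handler can vet a template ZIP before extracting it: every entry is checked against an extension allow-list, and paths that would leave the target directory are rejected. The function name `validateTemplateZip`, the extension list and the size limit are assumptions chosen for illustration.

```php
<?php
// Added example. ALLOWED_EXT and MAX_TOTAL_BYTES are assumed values, not FoxCMS settings.
const ALLOWED_EXT = ['html', 'htm', 'css', 'js', 'json', 'png', 'jpg', 'gif', 'svg'];
const MAX_TOTAL_BYTES = 20 * 1024 * 1024;

/** Returns a list of rejection reasons; an empty list means the archive may be extracted. */
function validateTemplateZip(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['not a readable ZIP archive'];
    }
    $problems = [];
    $total = 0;
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $stat = $zip->statIndex($i);
        $name = str_replace('\\', '/', $stat['name']);
        $total += $stat['size'];
        if (substr($name, -1) === '/') {
            continue; // directory entry, nothing to execute
        }
        // Reject absolute paths, drive letters and any ".." segment (zip-slip).
        if (strpos($name, '/') === 0 || preg_match('#^[A-Za-z]:#', $name)
            || in_array('..', explode('/', $name), true)) {
            $problems[] = "path escapes target directory: $name";
            continue;
        }
        $base = basename($name);
        $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
        // Dotfiles such as .htaccess or .user.ini can change how the server treats other files.
        if (strpos($base, '.') === 0 || !in_array($ext, ALLOWED_EXT, true)) {
            $problems[] = "file type not allowed: $name";
        }
    }
    if ($total > MAX_TOTAL_BYTES) {
        $problems[] = 'uncompressed size exceeds limit';
    }
    $zip->close();
    return $problems;
}

// Constructed sample archive: one harmless template file and one PHP file.
$sample = tempnam(sys_get_temp_dir(), 'tpl');
$zip = new ZipArchive();
$zip->open($sample, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('theme/index.html', '<h1>ok</h1>');
$zip->addFromString('theme/inc/helper.php', '<?php /* placeholder */');
$zip->close();
print_r(validateTemplateZip($sample));
unlink($sample);
```

Extract the archive only when the returned list is empty, and extract it into a directory from which the web server does not execute scripts.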
