FoxCMS Directory Traversal Vulnerability in DataBackup.php Restores Method

Vulnerability

A directory traversal vulnerability has been identified in FoxCMS version 2.0.6, specifically within the restores method of the DataBackup.php file. This issue allows attackers to manipulate the idList parameter to access arbitrary files on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files, such as system configuration files or credentials.

Reproduction

To reproduce this vulnerability, send a JSON request payload to the restores method endpoint, including the idList parameter with a crafted value that traverses directories, such as '../../../../../../etc/passwd'. The server response will include the contents of the requested file, demonstrating the successful exploitation of the directory traversal issue.
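As an added defensive example (not FoxCMS code), the following PHP check confines each idList entry to the backup directory before a restore reads it, rejecting the traversal value shown above. The function name, the `.sql` file-naming convention and the backup directory layout are assumptions; it needs PHP 8.0+ for str_starts_with.

```php
<?php
// Added example, not FoxCMS code: validate a restore file reference
// before reading it. Backup naming and directory layout are assumptions.
declare(strict_types=1);

/**
 * Resolve one idList entry to an absolute path inside $backupDir, or
 * return null if it is not a plain backup file name or escapes the root.
 */
function resolveBackupFile(string $backupDir, string $id): ?string
{
    // 1. Structural whitelist: only expected backup names are accepted,
    //    which rejects '/', '..' and NUL bytes before touching the filesystem.
    if (!preg_match('/\A[A-Za-z0-9_\-]{1,64}\.sql\z/', $id)) {
        return null;
    }
    // 2. Canonicalise and enforce containment as an independent second check
    //    (also catches a symlink inside the backup directory pointing out).
    $root = realpath($backupDir);
    $path = realpath($backupDir . DIRECTORY_SEPARATOR . $id);
    if ($root === false || $path === false) {
        return null; // directory missing or file does not exist
    }
    if (!str_starts_with($path, $root . DIRECTORY_SEPARATOR)) {
        return null; // resolved outside the backup root
    }
    return $path;
}

// Constructed demo: a temporary backup directory holding one legitimate dump.
$backupDir = sys_get_temp_dir() . '/foxcms_backup_demo_' . getmypid();
mkdir($backupDir, 0700);
file_put_contents($backupDir . '/20250609_site.sql', "-- sample dump\n");

$requests = [
    '20250609_site.sql',                    // legitimate restore
    '../../../../../../etc/passwd',         // traversal value from the advisory
    "20250609_site.sql\0../../etc/passwd", // NUL-byte variant
    '/etc/passwd',                          // absolute path
];
foreach ($requests as $id) {
    $resolved = resolveBackupFile($backupDir, $id);
    printf("%-40s => %s\n", addcslashes($id, "\0"), $resolved ?? 'REJECTED');
}

unlink($backupDir . '/20250609_site.sql');
rmdir($backupDir);
```

Only the first request resolves; the other three are rejected by the whitelist before realpath is ever called.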

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.