FoxCMS Code Execution Vulnerability in Template File Editing

Vulnerability

A code execution vulnerability exists in FoxCMS versions through 1.2.5 in the template file editing function reached via admin/template_file/editFile.html. The handler that saves edited templates does not adequately filter PHP short tags and potentially dangerous functions, so a user with access to the admin panel can write PHP code into a template file, and that code is executed when the template is rendered.

Impact

Exploitation of this vulnerability allows arbitrary code execution on the server with the privileges of the web server process. Because the payload is stored in a template file, it also persists across requests until the file is cleaned up.

Reproduction

To reproduce this vulnerability, open the template file editing feature in the admin panel, select a template file such as index.html, and add PHP code to it. After the change is saved, requesting a page that renders the edited template executes the injected code, demonstrating successful exploitation.
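The check below is an added example and is not code from this advisory or from FoxCMS; it illustrates the class of filter weakness the advisory describes. The first function is a hypothetical stand-in for an inadequate blocklist that only rejects the long `<?php` open tag and a few function names; the second rejects any PHP open tag form at all, which is the only safe rule for a template that must never contain server-side code. The sample templates are constructed for the example. The same function can be pointed at a real template directory after an incident to find tampered files.

```python
import re
from pathlib import Path
from typing import Dict, List

# Hypothetical blocklist of the kind the advisory says is insufficient.
NAIVE_BLOCKED_FUNCS = ("eval", "system", "exec", "passthru", "shell_exec")


def naive_filter_rejects(content: str) -> bool:
    """Stand-in for an inadequate filter (not FoxCMS's code): rejects only the
    long open tag and literal calls to a few dangerous functions."""
    lowered = content.lower()
    if "<?php" in lowered:
        return True
    return any(f"{fn}(" in lowered for fn in NAIVE_BLOCKED_FUNCS)


# Any '<?' is a PHP open tag candidate: '<?php', the always-on '<?=' echo tag,
# and the bare '<?' short tag when short_open_tag is enabled. Even '<?xml' is
# consumed by the PHP lexer in that configuration, so no '<?' is safe to keep.
# The '<script language="php">' form only exists on PHP < 7.0 but is included
# because legacy hosts still run it.
PHP_OPEN_TAG = re.compile(r"<\?|<script\s+language\s*=\s*['\"]?php", re.IGNORECASE)


def strict_filter_rejects(content: str) -> bool:
    """Hardened rule: a template containing any PHP open tag form is rejected."""
    return PHP_OPEN_TAG.search(content) is not None


def scan_templates(templates: Dict[str, str]) -> List[str]:
    """Return names of templates that contain PHP, for incident triage.
    Takes a mapping of name -> content so it can run on constructed input."""
    return sorted(name for name, body in templates.items() if strict_filter_rejects(body))


def scan_template_dir(root: str, suffixes=(".html", ".htm", ".tpl")) -> List[str]:
    """Walk a real template directory and return relative paths that contain PHP."""
    base = Path(root)
    found = {}
    for path in base.rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            found[str(path.relative_to(base))] = path.read_text(errors="replace")
    return scan_templates(found)


# Constructed sample templates (not real FoxCMS files).
SAMPLE_TEMPLATES = {
    "index.html": "<html><body><h1>Welcome</h1></body></html>",
    "long_tag.html": "<?php system('id'); ?>",          # caught by both filters
    "short_echo.html": "<?= `id` ?>",                   # backticks, no blocked name
    "split_name.html": "<? $f = 'sys' . 'tem'; $f('id'); ?>",  # name built at runtime
}


def demo() -> Dict[str, Dict[str, bool]]:
    """Compare the two filters over the constructed samples."""
    return {
        name: {"naive": naive_filter_rejects(body), "strict": strict_filter_rejects(body)}
        for name, body in SAMPLE_TEMPLATES.items()
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} naive={verdict['naive']!s:5} strict={verdict['strict']!s:5}")
    print("flagged:", scan_templates(SAMPLE_TEMPLATES))
```

The two bypasses in the samples are generic PHP, not specific to FoxCMS: `<?=` executes on every PHP version regardless of `short_open_tag`, and a function name assembled from string pieces never appears literally for a blocklist to match. The practical fix is therefore not a better blocklist but refusing any `<?` in user-editable templates, or storing those templates where the web server will not execute them.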

Added: Aug 7, 2025, 7:24 PM
Updated: Aug 7, 2025, 10:04 PM

Vulnerability Rating

Custom Algorithm (each category scored 0.0 to 10.0)
spread: 0.0
impact: 10.0
exploitability: 6.1
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.