VYPR
Unrated severityNVD Advisory· Published Dec 23, 2024· Updated Dec 24, 2024

FoxCMS API Endpoint Site.php improper authorization

CVE-2024-12901

Description

A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected products

2
  • Foxcms/Foxcmscpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=1.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.