A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
Title | FoxCMS Configuration File installdb.php code injection | |
Weaknesses | CWE-74 CWE-94 |
|
References |
| |
Metrics |
cvssV2_0
|
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2024-12-23T01:31:05.891Z
Updated: 2024-12-23T01:31:05.891Z
Reserved: 2024-12-22T16:47:38.979Z
Link: CVE-2024-12900
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-12-23T02:15:05.630
Modified: 2024-12-23T02:15:05.630
Link: CVE-2024-12900
Redhat
No data.