A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
Title | FoxCMS API Endpoint Site.php improper authorization | |
Weaknesses | CWE-266 CWE-285 |
|
References |
| |
Metrics |
cvssV2_0
|
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2024-12-23T02:00:12.678Z
Updated: 2024-12-23T02:00:12.678Z
Reserved: 2024-12-22T16:47:42.870Z
Link: CVE-2024-12901
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-12-23T02:15:06.613
Modified: 2024-12-23T02:15:06.613
Link: CVE-2024-12901
Redhat
No data.