A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
History

Mon, 23 Dec 2024 02:15:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title FoxCMS API Endpoint Site.php improper authorization
Weaknesses CWE-266
CWE-285
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-23T02:00:12.678Z

Updated: 2024-12-23T02:00:12.678Z

Reserved: 2024-12-22T16:47:42.870Z

Link: CVE-2024-12901

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2024-12-23T02:15:06.613

Modified: 2024-12-23T02:15:06.613

Link: CVE-2024-12901

cve-icon Redhat

No data.