| Title | FoxCMS <=1.2.0 Auth bypass |
|---|---|
| Description | FoxCMS versions ≤1.2 contain an authentication bypass vulnerability in the `/app/api/controller/Site.php` file. An attacker can exploit this vulnerability by sending a specially crafted request to the API endpoint, which allows anonymous users to reset the admin's password. |
| Source | ⚠️ https://note.zhaoj.in/share/8l4RPA2zcxRr |
| User | glzjin (UID 59815) |
| Submission | 12/22/2024 03:33 PM (1 Year ago) |
| Moderation | 12/22/2024 05:47 PM (2 hours later) |
| Status | Accepted |
| VulDB entry | 289171 [FoxCMS up to 1.2 API Endpoint Site.php Password improper authorization] |
| Points | 17 |