| Titel | FoxCMS <=1.2 Config injection |
|---|
| Beschreibung | FoxCMS versions ≤1.2 have a critical remote code execution (RCE) vulnerability in the /install/installdb.php file. An attacker can exploit this vulnerability by injecting malicious code into the database password field, which gets written to the configuration file and subsequently executed. This allows the attacker to gain remote code execution on the server. |
|---|
| Quelle | ⚠️ https://note.zhaoj.in/share/iDCwOv9vfDTI |
|---|
| Benutzer | glzjin (UID 59815) |
|---|
| Einreichung | 22.12.2024 11:37 (vor 1 Jahr) |
|---|
| Moderieren | 22.12.2024 17:47 (6 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 289170 [FoxCMS bis 1.2 Configuration File /install/installdb.php database password erweiterte Rechte] |
|---|
| Punkte | 18 |
|---|