| Title | Guizhou QianFox Technology Co., Ltd. FoxCMS <= 1.2.61 High |
|---|
| Description | A vulnerability was found in FoxCMS up to version 1.2.61. The function delRestoreFile in app/admin/controller/DataBackup.php allows authenticated attackers to delete arbitrary files via manipulation of the id parameter. The application does not properly validate user-supplied input, leading to path traversal and arbitrary file deletion. |
|---|
| Source | ⚠️ https://github.com/zzk6th/my-cve-notes/blob/main/FoxCMS%20DataBackup%20Controller%20Arbitrary%20File%20Delete%20Vulnerability.md |
|---|
| User | z0ng (UID 96775) |
|---|
| Submission | 03/25/2026 04:47 (25 days ago) |
|---|
| Moderation | 04/17/2026 09:38 (23 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 307506 [FoxCMS 2.0.6 Restore DataBackup.php path traversal] |
|---|
| Points | 0 |
|---|