How severe is CVE-2024-12901?

CVE-2024-12901 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2024-12901

Name: foxcms
Author: qianfox

5.3MEDIUM

A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint.

Published: 12/23/2024Updated: 7/15/2025

Description

A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AI AnalysisPowered by AI

Affected Products

qianfoxfoxcms

References

https://note.zhaoj.in/share/8l4RPA2zcxRr
Broken Link
https://vuldb.com/?ctiid.289171
Permissions RequiredVDB Entry
https://vuldb.com/?id.289171
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.467703
Third Party AdvisoryVDB Entry