Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.

Published

2025-07-14T17:15:33.270

Last Modified

2025-07-15T16:57:46.893

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qianfox	foxcms	≤ 1.2.6	Yes

References

https://github.com/Y4y17/Foxcms/blob/main/Foxcms%20%3C%3D%20v1.2.6%20RCE.md Exploit, Third Party Advisory ([email protected])