← volver
CVE-2026-9609

QianFox FoxCMS Admin.php edit password recovery

CVSS 5.1 MEDIUMEPSS 0.2%CWE-640
A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
QianFox · FoxCMS
PoCs públicas encontradas1
cve_referencegithub.com/QianFox/FoxCMS/issues/3no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/QianFox/FoxCMS/https://github.com/QianFox/FoxCMS/issues/3https://vuldb.com/submit/818343https://vuldb.com/vuln/365682https://vuldb.com/vuln/365682/cti