CVE-2026-9609

Sažetak

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Reference

https://github.com/QianFox/FoxCMS/
https://github.com/QianFox/FoxCMS/issues/3
https://vuldb.com/submit/818343
https://vuldb.com/vuln/365682
https://vuldb.com/vuln/365682/cti

CVSS

Base:	5.8
Impact:	6.4
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:M/C:P/I:P/A:P

Zadnje važnije ažuriranje

27-05-2026 - 02:16

Objavljeno

27-05-2026 - 02:16