← volver
CVE-2026-9609

QianFox FoxCMS Admin.php edit password recovery

CVSS 5.1 MEDIUMEPSS 0.2%CWE-640
Vexday Risk Score
33Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 5.1EPSS 0.2%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
27 may 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
QianFox · FoxCMS
PoCs públicas encontradas1
cve_referencegithub.com/QianFox/FoxCMS/issues/3no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/QianFox/FoxCMS/https://github.com/QianFox/FoxCMS/issues/3https://vuldb.com/submit/818343https://vuldb.com/vuln/365682https://vuldb.com/vuln/365682/cti