CVE-2026-9609— QianFox FoxCMS Admin.php edit password recovery
Possible ATT&CK Techniques 1AI
T1110.004 · Credential StuffingGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9609
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
QianFox FoxCMS Admin.php edit password recovery
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
忘记口令恢复机制弱
Source: NVD (National Vulnerability Database)
Vulnerability Title
FoxCMS 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FoxCMS是中国黔狐(FoxCMS)公司的一套可免费商用开源的内容管理系统。 FoxCMS 1.2.6及之前版本存在授权问题漏洞,该漏洞源于Admin.php文件中Edit函数存在弱密码恢复漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-9609
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9609
请登录查看更多情报信息。
Exploits & Public PoCs for CVE-2026-9609 (1)
IV. Related Vulnerabilities
Same product: FoxCMS
- CVE-2026-9608
QianFox FoxCMS Administrator Backend edit cross site scripti - CVE-2025-12920
qianfox FoxCMS Product.php edit cross site scripting - CVE-2025-11306
qianfox FoxCMS Search cross site scripting - CVE-2025-10251
FoxCMS Images.php batchCope sql injection - CVE-2025-7568
qianfox FoxCMS Video.php batchCope sql injection
Same vendor: QianFox
- CVE-2026-9608
QianFox FoxCMS Administrator Backend edit cross site scripti - CVE-2025-12920
qianfox FoxCMS Product.php edit cross site scripting - CVE-2025-11306
qianfox FoxCMS Search cross site scripting - CVE-2025-7568
qianfox FoxCMS Video.php batchCope sql injection - CVE-2025-6094
qianfox FoxCMS Download.php batchCope sql injection
Same weakness: CWE-640
- CVE-2026-12066
PbootCMS Password MemberController.php retrieve password rec - CVE-2026-50635
LimeSurvey Password Reset Host Header Injection Discloses Re - CVE-2026-10169
OUSL-GROUP-BrinaryBrains School Student Management System Fo - CVE-2026-7459
Simple History – Track, Log, and Audit WordPress Changes <= - CVE-2026-35676
phpMyFAQ - Unauthenticated Password Reset via User Password
V. Comments for CVE-2026-9609
No comments yet