5 matches found
CVE-2025-46154
Foxcms v1.25 contains a time-based SQL injection in installdb.php via the $_POST['dbname'] parameter, enabling likely remote exploitation with high impact (CWE-style: SQL injection; CVSS v3.1 base score 8.4, LOCAL/vector L, no user interaction, high confidentiality/integrity/availability impact). The...
CVE-2025-45240
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php...
FoxCMS Field.php File SQL Injection Vulnerability
FoxCMS is a free commercial open source content management system from China's Qianxu FoxCMS. FoxCMS 1.25 and earlier versions contain a SQL injection vulnerability, which stems from the $param title parameter in /admin/util/Field.php lacking validation of externally supplied input used in SQL statements. An attacker...
CVE-2025-29180
In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...
CVE-2025-29180
FOXCMS