CVE-2025-46154

Foxcms v1.25 has a SQL time injection in the $POST'dbname' parameter of installdb.php...

CVE-2025-46154

Foxcms v1.25 has a SQL time injection in the $POST'dbname' parameter of installdb.php...

CVE-2025-46154

Foxcms v1.25 has a SQL time injection in the $POST'dbname' parameter of installdb.php...

CVE-2025-46154

Foxcms v1.25 has a SQL time injection in the $POST'dbname' parameter of installdb.php...

PT-2025-23616 · Foxcms · Foxcms

Name of the Vulnerable Software and Affected Versions: Foxcms version 1.25 Description: The issue is related to a SQL time injection in the installdb.php script, specifically affecting the $ POST'dbname' parameter. This allows for potential exploitation. Recommendations: For Foxcms version 1.25,...

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A security vulnerability exists in FoxCMS v1.2.5, which is caused by SQL time injection in the $POST dbname parameter in installdb.php...

CVE-2025-46154

Foxcms v1.25 contains a SQL time injection in installdb.php via the $_POST['dbname'] parameter, enabling likely remote exploitation with high impact (CWE-style: SQL injection; CVSS v3.1 base score 8.4, LOCAL/vector L, no user interaction, high confidentiality/ integrity/ availability impact). The...

CVE-2025-5155

A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The attack can be launched remotely. The exploit h...

CVE-2025-5155

A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The attack can be launched remotely. The exploit h...

CVE-2025-5155 qianfox FoxCMS Article.php batchCope sql injection

A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The attack can be launched remotely. The exploit h...

CVE-2025-5155 qianfox FoxCMS Article.php batchCope sql injection

A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The attack can be launched remotely. The exploit h...

CVE-2025-5155

CVE-2025-5155 affects qianfox FoxCMS 1.2.5; the bug is in the batchCope function of app/admin/controller/Article.php, where manipulation of the ids argument enables SQL injection. The issue can be exploited remotely and exploitation has been publicly disclosed. Several sources confirm the vulnera...

PT-2025-22867 · Qianfox · Foxcms

Name of the Vulnerable Software and Affected Versions: qianfox FoxCMS version 1.2.5 Description: A critical issue has been found in the batchCope function of the app/admin/controller/Article.php file. The manipulation of the ids argument leads to SQL injection. This issue can be exploited remotel...

FoxCMS 注入漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. An injection vulnerability exists in FoxCMS version 1.2.5, which is caused by incorrect manipulation of the parameter ids in the file app/admin/controller/Article.php resulting in SQL injection...

CVE-2024-12901

A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be...

CVE-2024-12900

A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...

Exploit for Code Injection in Foxcms

Description Published: 2025-03-27 Updated: 2025-03-27 An...

CVE-2025-45238

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method...

CVE-2025-45239

An issue in the restores method DataBackup.php of foxcms v2.0.6 allows attackers to execute a directory traversal...

CVE-2025-45240

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php...