246 matches found
CVE-2025-45239
An issue in the restores method DataBackup.php of foxcms v2.0.6 allows attackers to execute a directory traversal...
CVE-2025-29180
In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...
CVE-2025-29181
FOXCMS = V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php...
Exploit for Code Injection in Foxcms
CVE-2025-29306 - FoxCMS Remote Code Execution Exploit !Pytho...
FoxCMS Field.php File SQL Injection Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. FoxCMS 1.25 and previous versions contain a SQL injection vulnerability, which stems from the $param title parameter in /admin/util/Field.php lacking validation of external input used in SQL statements. An attacker...
Exploit for Code Injection in Foxcms
FOXCMS Parameter Injection RCE – CVE-2025-29306 This reposito...
FoxCMS 1.2.5 - Remote Code Execution (RCE)
Date: 2025-04-17 Exploit Title: Exploit Author: VeryLazyTech Vendor Homepage: https://www.foxcms.org/ Software Link: https://www.foxcms.cn/ Version: FoxCMS v.1.2.5 Tested on: Ubuntu 22.04, Windows Server 2019 CVE: CVE-2025-29306 Website: https://www.verylazytech.com !/bin/bash banner cat " exit 1...
CVE-2025-29181
FOXCMS = V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php...
CVE-2025-29181
FOXCMS = V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php...
CVE-2025-29180
In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...
CVE-2025-29180
In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...
Exploit for Code Injection in Foxcms
POC - CVE-2025-29306 FOXCMS /images/index.html Code Execution...
CVE-2025-29180
FOXCMS
CVE-2025-29181
FOXCMS = V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php...
FoxCMS Security Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. FoxCMS 1.25 and previous versions contain a SQL injection vulnerability, which stems from the $param title parameter in /admin/util/Field.php lacking validation of external input used in SQL statements. An attacker...
FoxCMS Security Vulnerability
FoxCMS is a free commercial open source content management system from China Qianhuox FoxCMS company. A security vulnerability exists in FoxCMS 1.25 and earlier versions, which stems from insufficient filtering of the urlprefix, domain and mywebsite parameters in the installdb.php file, which may...
CVE-2025-29180
In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...
PT-2025-17204 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FOXCMS versions prior to V1.25 Description: The issue allows for SQL Injection via the title parameter in the /admin/util/Field.php file. Recommendations: For versions prior to V1.25, consider restricting access to the title parameter in the...
CVE-2025-29181
FOXCMS = V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php...
CVE-2025-29181
Summary of CVE-2025-29181: FoxCMS is affected by a SQL Injection in the Field.php file, via the parameter $param['title'] in /admin/util/Field.php. Multiple sources indicate the issue exists in FoxCMS versions prior to or at V1.25, with the root cause being lack of input validation for the title...