CVE-2025-10251

Medium CVSS: 5.3

A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Foxcms

Product

Foxcms

CWE

CWE-74

Yayın Tarihi

2025-09-11 13:15:53

Güncelleme

2025-10-02 19:38:41

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Foxcms MEDIUM Foxcms 2025

Referanslar

https://github.com/ueh1013/VULN/issues/3 https://vuldb.com/?ctiid.323611 https://vuldb.com/?id.323611 https://vuldb.com/?submit.642476 https://github.com/ueh1013/VULN/issues/3 https://vuldb.com/?submit.642476

Benzer Kayıtlar

Medium

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the fil…

High

CVE-2025-56630

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Colum…

Medium

CVE-2025-56435

SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file…

High

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.

High

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbi…

High

CVE-2025-55420

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is…