CVE-2025-45240

Medium CVSS: 6.5

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.

Vendor

Product

CWE

Yayın Tarihi

2025-05-05 17:18:49

Güncelleme

2025-06-12 17:44:27

Source Identifier

cve@mitre.org

KEV Date Added

CWE-89 Foxcms MEDIUM Qianfox 2025

https://gist.github.com/chao112122/648033972709fb50b3c89363cd64a9a4 https://gitee.com/qianfox/foxcms

Medium

CVE-2025-11306

A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the…

Medium

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to…

Medium

CVE-2025-7568

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function ba…

Medium

CVE-2025-6094

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the…

Critical

CVE-2025-45238

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

Medium

CVE-2025-45239

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.