CVE-2025-5155

Medium CVSS: 5.3

A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Foxcms

Product

Foxcms

CWE

CWE-74

Yayın Tarihi

2025-05-25 20:15:19

Güncelleme

2025-06-03 15:49:04

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Foxcms MEDIUM Foxcms 2025

Referanslar

https://github.com/xiaoyangsec/foxcms_sql_injection/blob/main/foxcms_sql_injection.md https://vuldb.com/?ctiid.310243 https://vuldb.com/?id.310243 https://vuldb.com/?submit.576286 https://github.com/xiaoyangsec/foxcms_sql_injection/blob/main/foxcms_sql_injection.md

Benzer Kayıtlar

Medium

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the fil…

Medium

CVE-2025-10251

A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/adm…

High

CVE-2025-56630

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Colum…

Medium

CVE-2025-56435

SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file…

High

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.

High

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbi…