CVE-2025-7568

Medium CVSS: 5.3

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Qianfox

Product

Foxcms

CWE

CWE-74

Yayın Tarihi

2025-07-14 04:15:42

Güncelleme

2025-07-15 18:31:09

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Foxcms MEDIUM Qianfox 2025

Referanslar

https://github.com/beauty12345678/CVE/blob/main/foxcms_sql.md https://vuldb.com/?ctiid.316266 https://vuldb.com/?id.316266 https://vuldb.com/?submit.603778

Benzer Kayıtlar

Medium

CVE-2025-11306

A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the…

Medium

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to…

Medium

CVE-2025-6094

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the…

Critical

CVE-2025-45238

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

Medium

CVE-2025-45239

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.

Medium

CVE-2025-45240

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.