CVE Details
Basic Information
| Title | FoxCMS Download.php batchCope sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-15T22:31:05.526Z |
| Last Seen | |
Product Information
| Vendor | n/a |
|---|---|
| Product | FoxCMS |
| Version | 1.2.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A SQL injection vulnerability exists in FoxCMS versions up to 1.2.5, specifically in the batchCope function of the Download.php file. This allows attackers to execute arbitrary SQL commands via the ‘ids’ parameter, potentially compromising the database. The vulnerability is remotely exploitable and has been publicly disclosed. |
|---|---|
| AI Severity | High |
| Vendor | FoxCMS |
| Product | FoxCMS |
| Affected Version | up to 1.2.5 |
Affected Products
- n/a FoxCMS 1.2.0
- n/a FoxCMS 1.2.1
- n/a FoxCMS 1.2.2
- n/a FoxCMS 1.2.3
- n/a FoxCMS 1.2.4
- n/a FoxCMS 1.2.5
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
Description
A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.