| Field | Created 06/15/2025 08:55 | Update 1/4 06/16/2025 01:37 | Update 2/4 06/16/2025 04:23 | Update 3/4 06/16/2025 11:35 | Update 4/4 07/13/2025 09:05 |
|---|---|---|---|---|---|
| software_name | FoxCMS | FoxCMS | FoxCMS | FoxCMS | FoxCMS |
| software_version | <=1.2.5 | <=1.2.5 | <=1.2.5 | <=1.2.5 | <=1.2.5 |
| software_file | app/admin/controller/Download.php | app/admin/controller/Download.php | app/admin/controller/Download.php | app/admin/controller/Download.php | app/admin/controller/Download.php |
| software_function | batchCope | batchCope | batchCope | batchCope | batchCope |
| software_argument | ids | ids | ids | ids | ids |
| vulnerability_cwe | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) |
| vulnerability_risk | 2 | 2 | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N | N | N |
| cvss3_vuldb_ac | L | L | L | L | L |
| cvss3_vuldb_ui | N | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U | U |
| cvss3_vuldb_c | L | L | L | L | L |
| cvss3_vuldb_i | L | L | L | L | L |
| cvss3_vuldb_a | L | L | L | L | L |
| cvss3_vuldb_e | P | P | P | P | P |
| cvss3_vuldb_rc | R | R | R | R | R |
| advisory_url | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md |
| exploit_availability | 1 | 1 | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 | 1 | 1 |
| exploit_url | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md | https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md |
| source_cve | CVE-2025-6094 | CVE-2025-6094 | CVE-2025-6094 | CVE-2025-6094 | CVE-2025-6094 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB | VulDB |
| cvss2_vuldb_av | N | N | N | N | N |
| cvss2_vuldb_ac | L | L | L | L | L |
| cvss2_vuldb_ci | P | P | P | P | P |
| cvss2_vuldb_ii | P | P | P | P | P |
| cvss2_vuldb_ai | P | P | P | P | P |
| cvss2_vuldb_e | POC | POC | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR | UR | UR |
| cvss4_vuldb_av | N | N | N | N | N |
| cvss4_vuldb_ac | L | L | L | L | L |
| cvss4_vuldb_ui | N | N | N | N | N |
| cvss4_vuldb_vc | L | L | L | L | L |
| cvss4_vuldb_vi | L | L | L | L | L |
| cvss4_vuldb_va | L | L | L | L | L |
| cvss4_vuldb_e | P | P | P | P | P |
| cvss2_vuldb_au | S | S | S | S | S |
| cvss2_vuldb_rl | ND | ND | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L | L | L |
| cvss3_vuldb_rl | X | X | X | X | X |
| cvss4_vuldb_at | N | N | N | N | N |
| cvss4_vuldb_pr | L | L | L | L | L |
| cvss4_vuldb_sc | N | N | N | N | N |
| cvss4_vuldb_si | N | N | N | N | N |
| cvss4_vuldb_sa | N | N | N | N | N |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 | 5.6 | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 | 5.7 | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 6.3 | 6.3 | 6.3 | 6.3 |
| cvss3_meta_tempscore | 5.7 | 6.0 | 6.0 | 6.0 | 6.0 |
| cvss4_vuldb_bscore | 5.3 | 5.3 | 5.3 | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 | 2.1 | 2.1 | 2.1 |
| advisory_date | 1749938400 (06/15/2025) | 1749938400 (06/15/2025) | 1749938400 (06/15/2025) | 1749938400 (06/15/2025) | 1749938400 (06/15/2025) |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| cve_nvd_summary | | A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| cvss4_cna_av | | N | N | N | N |
| cvss4_cna_ac | | L | L | L | L |
| cvss4_cna_at | | N | N | N | N |
| cvss4_cna_pr | | L | L | L | L |
| cvss4_cna_ui | | N | N | N | N |
| cvss4_cna_vc | | L | L | L | L |
| cvss4_cna_vi | | L | L | L | L |
| cvss4_cna_va | | L | L | L | L |
| cvss4_cna_sc | | N | N | N | N |
| cvss4_cna_si | | N | N | N | N |
| cvss4_cna_sa | | N | N | N | N |
| cvss4_cna_bscore | | 5.3 | 5.3 | 5.3 | 5.3 |
| cvss3_cna_av | | N | N | N | N |
| cvss3_cna_ac | | L | L | L | L |
| cvss3_cna_pr | | L | L | L | L |
| cvss3_cna_ui | | N | N | N | N |
| cvss3_cna_s | | U | U | U | U |
| cvss3_cna_c | | L | L | L | L |
| cvss3_cna_i | | L | L | L | L |
| cvss3_cna_a | | L | L | L | L |
| cvss3_cna_basescore | | 6.3 | 6.3 | 6.3 | 6.3 |
| cvss2_cna_av | | N | N | N | N |
| cvss2_cna_ac | | L | L | L | L |
| cvss2_cna_au | | S | S | S | S |
| cvss2_cna_ci | | P | P | P | P |
| cvss2_cna_ii | | P | P | P | P |
| cvss2_cna_ai | | P | P | P | P |
| cvss2_cna_basescore | | 6.5 | 6.5 | 6.5 | 6.5 |
| euvd_id | | | EUVD-2025-18349 | EUVD-2025-18349 | EUVD-2025-18349 |
| cve_nvd_summaryes | | | | Se ha detectado una vulnerabilidad, clasificada como crítica, en FoxCMS hasta la versión 1.2.5. Este problema afecta a la función batchCope del archivo app/admin/controller/Download.php. La manipulación de los identificadores de los argumentos provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. | Se ha detectado una vulnerabilidad, clasificada como crítica, en FoxCMS hasta la versión 1.2.5. Este problema afecta a la función batchCope del archivo app/admin/controller/Download.php. La manipulación de los identificadores de los argumentos provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. |
| software_vendor | | | | | qianfox |
| software_type | | | | | Content Management System |