VDB-312563 · CVE-2025-6094 · EUVD-2025-18349

qianfox FoxCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.2.5 Download.php batchCope ids SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu qianfox FoxCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.2.5 keessatti argameera. Miidhamni argame is hojii batchCope faayilii app/admin/controller/Download.php keessa. Wanti jijjiirame irratti ids gara SQL ଇଞ୍ଜେକ୍ସନ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-89 si geessa. Odeeffannoon kun yeroo 06/15/2025 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti argama. Dogoggorri kun CVE-2025-6094 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Waan dabalataa ta’een, meeshaa balaa kana fayyadamuuf ni jira. Qorannoo miidhaa (exploit) uummataaf ifa taasifameera, kanaafis fayyadamuu ni danda'ama. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ ta’uu isaa ibsameera. Exploit github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

5 ଆଡାପ୍ଟେସନ୍ · 89 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 06/15/2025 08:55 AM	ଅଦ୍ୟତନ 1/4 06/16/2025 01:37 AM	ଅଦ୍ୟତନ 2/4 06/16/2025 04:23 AM	ଅଦ୍ୟତନ 3/4 06/16/2025 11:35 AM	ଅଦ୍ୟତନ 4/4 07/13/2025 09:05 AM
software_name	FoxCMS	FoxCMS	FoxCMS	FoxCMS	FoxCMS
software_version	<=1.2.5	<=1.2.5	<=1.2.5	<=1.2.5	<=1.2.5
software_file	app/admin/controller/Download.php	app/admin/controller/Download.php	app/admin/controller/Download.php	app/admin/controller/Download.php	app/admin/controller/Download.php
software_function	batchCope	batchCope	batchCope	batchCope	batchCope
software_argument	ids	ids	ids	ids	ids
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_url	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md	https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md
source_cve	CVE-2025-6094	CVE-2025-6094	CVE-2025-6094	CVE-2025-6094	CVE-2025-6094
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	L	L	L	L	L
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	L	L	L	L	L
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_pr	L	L	L	L	L
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	6.3	6.3
cvss3_meta_tempscore	5.7	6.0	6.0	6.0	6.0
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1	2.1
advisory_date	1749938400 (06/15/2025)	1749938400 (06/15/2025)	1749938400 (06/15/2025)	1749938400 (06/15/2025)	1749938400 (06/15/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N	N
cvss4_cna_ac		L	L	L	L
cvss4_cna_at		N	N	N	N
cvss4_cna_pr		L	L	L	L
cvss4_cna_ui		N	N	N	N
cvss4_cna_vc		L	L	L	L
cvss4_cna_vi		L	L	L	L
cvss4_cna_va		L	L	L	L
cvss4_cna_sc		N	N	N	N
cvss4_cna_si		N	N	N	N
cvss4_cna_sa		N	N	N	N
cvss4_cna_bscore		5.3	5.3	5.3	5.3
cvss3_cna_av		N	N	N	N
cvss3_cna_ac		L	L	L	L
cvss3_cna_pr		L	L	L	L
cvss3_cna_ui		N	N	N	N
cvss3_cna_s		U	U	U	U
cvss3_cna_c		L	L	L	L
cvss3_cna_i		L	L	L	L
cvss3_cna_a		L	L	L	L
cvss3_cna_basescore		6.3	6.3	6.3	6.3
cvss2_cna_av		N	N	N	N
cvss2_cna_ac		L	L	L	L
cvss2_cna_au		S	S	S	S
cvss2_cna_ci		P	P	P	P
cvss2_cna_ii		P	P	P	P
cvss2_cna_ai		P	P	P	P
cvss2_cna_basescore		6.5	6.5	6.5	6.5
euvd_id			EUVD-2025-18349	EUVD-2025-18349	EUVD-2025-18349
cve_nvd_summaryes				Se ha detectado una vulnerabilidad, clasificada como crítica, en FoxCMS hasta la versión 1.2.5. Este problema afecta a la función batchCope del archivo app/admin/controller/Download.php. La manipulación de los identificadores de los argumentos provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.	Se ha detectado una vulnerabilidad, clasificada como crítica, en FoxCMS hasta la versión 1.2.5. Este problema afecta a la función batchCope del archivo app/admin/controller/Download.php. La manipulación de los identificadores de los argumentos provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
software_vendor					qianfox
software_type					Content Management System

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!