CVE-2025-6094

Опубликовано: 15 июн. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.312563
Permissions Required
VDB Entry
https://vuldb.com/?id.312563
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.588807
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qianfox:foxcms:*:*:*:*:*:*:*:*

Версия до 1.2.5 (включая)

EPSS

Процентиль: 13%

0.00044

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-gcq5-qc75-mh9g

CVSS3: 6.3

github

8 месяцев назад

A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 13%

0.00044

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74