CNNVD-202506-1844 Information

CNNVD ID

CNNVD-202506-1844

Related CVE

CVE-2025-6094

• CNNVD Published: 2025-06-15

Description (Chinese)

FoxCMS是中国黔狐（FoxCMS）公司的一套可免费商用开源的内容管理系统。 FoxCMS 1.2.5及之前版本存在注入漏洞，该漏洞源于文件app/admin/controller/Download.php中参数ids的错误操作导致SQL注入。

Description (English)

FoxCMS is a free, commercial, open-source content management system for the Chinese company FoxCMS. FoxCMS 1.2.5 and previous versions had an injection loophole, resulting from the error of the parameter ids in documentapp/admin/controller/Download.php, which resulted in the SQL injection.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

黔狐

Published

2025-06-15

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.312563 https://vuldb.com/?submit.588807 https://vuldb.com/?id.312563 https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md https://access.redhat.com/security/cve/cve-2025-6094