CVE-2025-29180 Information

Description

In FOXCMS <=1.25 the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix domain and my_website POST parameters are directly concatenated into SQL statements without filtering.

Reference

https://gist.github.com/X1lyS/5075ba1e6bebff26fcd58609493fd5f2 In FOXCMS <=1.25 the installdb.php file has a time

based blind SQL injection vulnerability. The url_prefix domain and my_website POST parameters are directly concatenated into SQL statements without filtering.