CVE-2025-5155 – FoxCMS SQL Injection Vulnerability

May 25, 2025

CVE ID : CVE-2025-5155

Published : May 25, 2025, 8:15 p.m. | 41 minutes ago

Description : A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleBox64 is a Linux userspace x86-64 emulator

Next Article CVE-2025-5154 – PhonePe SQLite Database Cleartext Storage Vulnerability

Highlights

CVE-2025-23169 – Versa Networks Director Cross-Site Scripting Vulnerability

June 18, 2025

CVE ID : CVE-2025-23169

Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago

Description : The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store cross-site scripting (XSS) payloads.

Exploitation Status:

Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

Workarounds or Mitigation:

There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-36004: IBM i Vulnerability Allows Privilege Escalation

June 25, 2025

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

June 13, 2025

PHP Fatal Error Backtraces in PHP 8.5

July 11, 2025

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Kong AI Gateway 3.11 introduces new method for reducing token costs

Native vs hybrid vs cross-platform: Resolving the trilemma

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

You’ve got to try these 5 premium Minecraft add-ons — Dinosaurs, security systems, and more really shake up Bedrock Edition

This Microsoft pay scale reveals AI pros are making bank — with compensation packages reaching up to $336,000/year

ZeniMax QA testers face whiplash and “rancid” work morale following Microsoft’s gaming layoffs — but the union still fights

The details of TC39’s last meeting

The details of TC39’s last meeting

Vector Search Embeddings and RAG

Python Meets Power Automate: Trigger via URL

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

You’ve got to try these 5 premium Minecraft add-ons — Dinosaurs, security systems, and more really shake up Bedrock Edition

This Microsoft pay scale reveals AI pros are making bank — with compensation packages reaching up to $336,000/year

CVE-2025-5155 – FoxCMS SQL Injection Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

A Comprehensive Guide to LLM Routing: Tools and Frameworks

The secret to Linux’s remarkable journey from one dev’s hobby to 40 million lines of code

CVE-2025-52903 – Apache File Browser Command Execution Vulnerability

CVE-2025-23169 – Versa Networks Director Cross-Site Scripting Vulnerability

CVE-2025-36004: IBM i Vulnerability Allows Privilege Escalation

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

PHP Fatal Error Backtraces in PHP 8.5

CVE-2025-5155 – FoxCMS SQL Injection Vulnerability

Related Posts