CVE-2025-6094 – FoxCMS SQL Injection Vulnerability

June 15, 2025

CVE ID : CVE-2025-6094

Published : June 15, 2025, 11:15 p.m. | 2 hours, 7 minutes ago

Description : A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6095 – Jasmin Ransomware SQL Injection Vulnerability

Next Article CVE-2025-6093 – “uYanki Board-STM32F103RC-Buffer Overflow Vulnerability”

Highlights

CVE-2025-3870 – “1 Decembrie 1918 WordPress CSRF”

April 25, 2025

CVE ID : CVE-2025-3870

Published : April 25, 2025, 9:15 a.m. | 2 hours, 32 minutes ago

Description : The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

The 5 gadgets that got me through marathons and obstacle races (and why they work)

This beastly 500W charger replaced every other charger I had – with six ports to boot

Mac Mini won’t power on? Apple will fix it for you – for free

Why I’m switching to VS Code. Hint: It’s all about AI tool integration

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

Building Construction suppliers in India

Neutralinojs v6.1 released

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Windows 11 test builds are accidentally playing the Windows Vista startup sound

Leaked: ROG Xbox Ally and Xbox Ally X pre-orders set for August, launch in October

CVE-2025-6094 – FoxCMS SQL Injection Vulnerability

Apache Tomcat Vulnerabilities Allow Authentication Bypass and DoS Attacks

VS meldt actief misbruik van beveiligingslek in wifi-routers TP-Link

Laravel: How to Customize Verification Email Text

CVE-2025-5438 – Linksys WPS Command Injection Vulnerability

CVE-2025-46756 – Apache HTTP Server Unvalidated User Input

CVE-2025-37814 – Linux Kernel TTY Mouse Reporting Vulnerability

CVE-2025-3870 – “1 Decembrie 1918 WordPress CSRF”

CVE-2025-43700 – Salesforce OmniStudio FlexCards Data Exposure Permission Vulnerability

Firefox 139 Brings Custom New Tab Wallpapers, Better Upload Speeds

CVE-2025-5303 – Freightview, Daylight, Day & Ross WordPress Plugins – Stored Cross-Site Scripting

CVE-2025-6094 – FoxCMS SQL Injection Vulnerability

Related Posts