SQL Injection Vulnerability in FoxCMS by QianFox
CVE-2025-45240

6.5MEDIUM

Key Information:

Vendor: QianFox
Status: FoxCMS
Vendor: CVE Published:; 5 May 2025

What is CVE-2025-45240?

FoxCMS version 1.2.5 has been found to have a vulnerability that allows SQL injection through the executeCommand method in the DataBackup.php file. This flaw could potentially be exploited by attackers to execute arbitrary SQL commands, leading to unauthorized access to sensitive data or manipulation of the database. It is crucial for users of FoxCMS to address this security issue promptly to safeguard against potential data breaches.

References

https://gitee.com/qianfox/foxcms

https://gist.github.com/chao112122/648033972709fb50b3c893...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2025
Vulnerability Reserved
Apr 22, 2025

JSON