A vulnerability classified as critical was found in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in SQL injection.
This vulnerability is known as CVE-2025-10251. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.