CVE-2025-6094 MEDIUM

CVE-2025-6094: qianfox FoxCMS Download.php batchCope sql injection

Vendor Qianfox
Product FoxCMS
Weakness CWE-89 · SQLi
Published June 15, 2025
Last update July 15, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

June 15, 2025 CVE published
July 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-2211 Campcodes Coffee Shop POS System manage_category.php sql injection CVE-2026-4783 itsourcecode College Management System Parameter add-single-student-results.php sql injection CVE-2024-2675 Campcodes Online Job Finder System index.php sql injection CVE-2024-0362 PHPGurukul Hospital Management System change-password.php sql injection CVE-2026-9523 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform getCalcmeterDetailDayListTree sql injection