CVE-2025-29180

Publication date

2025-04-17 00:00:00

Family

mitre

State

PUBLISHED

Description

In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.