Foxcms · Foxcms · CVE-2025-7568
**Name of the Vulnerable Software and Affected Versions:**
FoxCMS versions up to 1.2.5
**Description:**
FoxCMS contains a critical SQL injection vulnerability that can be exploited remotely. The flaw is in the `batchCope` function in `app/admin/controller/Video.php`: manipulating the `ids` argument leads to SQL injection. The exploit has been publicly disclosed.
**Recommendations:**
FoxCMS versions prior to 1.2.5 are affected.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.