Fsrm3

**Name of the Vulnerable Software and Affected Versions** FoxCMS versions 1.2.5 and earlier **Description** A critical issue has been found in FoxCMS, affecting the `batchCope` function of the file `app/admin/controller/Download.php`. The manipulation of the `ids` argument leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For FoxCMS versions 1.2.5 and earlier, as a temporary workaround, consider disabling the `batchCope` function until a patch is available. Restrict access to the `app/admin/controller/Download.php` file to minimize the risk of exploitation. Avoid using the `ids` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SeaCMS versions up to 13.3 **Description** A critical vulnerability was found in SeaCMS, affecting the file /admin topic.php?action=delall. The manipulation of the `e id` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 13.3, consider disabling access to the /admin topic.php?action=delall endpoint until a patch is available. Restrict the manipulation of the `e id` argument to minimize the risk of SQL injection exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SeaCMS versions prior to 13.4 **Description** A critical vulnerability exists in SeaCMS. The issue affects unknown processing within the `/admin link.php?action=delall` file. Manipulation of the `e id` argument results in a SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** Versions prior to 13.4: Update SeaCMS to version 13.4 or later.