CVE-2025-29180

Name of the Vulnerable Software and Affected Versions FOXCMS versions 1.25 and earlier

Description The issue concerns a time-based blind SQL injection vulnerability in the installdb.php file. The url prefix, domain, and my website POST parameters are directly concatenated into SQL statements without filtering.

Recommendations For FOXCMS versions 1.25 and earlier, as a temporary workaround, consider filtering or validating the url prefix, domain, and my website parameters to prevent SQL injection attacks. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.