CVE-2025-46154

Name of the Vulnerable Software and Affected Versions Foxcms version 1.25

Description The issue is related to a SQL time injection in the installdb.php script, specifically affecting the $ POST['dbname'] parameter. This allows for potential exploitation.

Recommendations For Foxcms version 1.25, consider restricting access to the installdb.php script until a patch is available. As a temporary workaround, avoid using the dbname parameter in the affected script to minimize the risk of exploitation.