CVE-2025-2132: ftcms Search ajax_all_lists sql injection
First published: Sun Mar 09 2025(Updated: )
A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ftcms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2132?
CVE-2025-2132 is classified as a critical vulnerability.
How do I fix CVE-2025-2132?
To fix CVE-2025-2132, it is recommended to update to the latest version of ftcms that addresses the SQL injection issue.
What component is affected by CVE-2025-2132?
The vulnerable component affected by CVE-2025-2132 is the Search functionality within the /admin/index.php/web/ajax_all_lists file.
Can CVE-2025-2132 be exploited remotely?
Yes, CVE-2025-2132 allows for remote exploitation due to SQL injection vulnerabilities.
What kind of attack can CVE-2025-2132 facilitate?
CVE-2025-2132 facilitates SQL injection attacks through manipulation of the name argument.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/source
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/ftcms
- canonical/ftcms