CVE-2025-5569

MEDIUM NUCLEI

IdeaCMS <1.8 - SQL Injection

Title source: llm

Description

A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.

Exploits (2)

gitee 423 stars

by ideacms_admin · phpwriteup

https://gitee.com/ideacms/ideacms/issues/ICBVWE

gitee 423 stars

by ideacms_admin · phpwriteup

https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link

Nuclei Templates (1)

IdeaCMS <= 1.7 - SQL Injection

CRITICALVERIFIEDby ritikchaddha

Shodan: http.favicon.hash:-1033616879

FOFA: icon_hash:"-1033616879"

References (7)

[Exploit, Issue Tracking, Vendor Advisory] https://gitee.com/ideacms/ideacms/issues/ICBVWE

[Permissions Required] https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a

[Exploit, Issue Tracking, Vendor Advisory] https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link

[Release Notes] https://gitee.com/ideacms/ideacms/releases/tag/v1.8

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.311027

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.311027

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.588372

Scores

CVSS v3 6.3

EPSS 0.0060

EPSS Percentile 69.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

ideacms/ideacms < 1.7

Published Jun 04, 2025

Tracked Since Feb 18, 2026