VDB-311027 · CVE-2025-5569 · ICBVWE

IdeaCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.7 getList.html Article/Goods ଫିଲ୍ଡ SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu IdeaCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.7 keessatti argameera. Miidhamni argame is hojii Article/Goods faayilii /api/v1.index.article/getList.html keessa. Wanti jijjiirame irratti ଫିଲ୍ଡ gara SQL ଇଞ୍ଜେକ୍ସନ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-89 si geessa. Odeeffannoon kun yeroo 06/03/2025 maxxanfameera akka ICBVWE. Odeeffannoon kun buufachuuf gitee.com irratti argama. Dogoggorri kun CVE-2025-5569 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Meeshaa balaa kana fayyadamuuf hin jirre. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ଅପରିଭାଷିତ ta’uu isaa ibsameera. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. Idaantifayarii paachii 935aceb4c21338633de6d41e13332f7b9db4fa6a dha. Sirreeffamni rakkoo gitee.com irratti buufachuuf jira. Qabiyyee miidhamte haaromsuuf gorsa ni kennama. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

4 ଆଡାପ୍ଟେସନ୍ · 102 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 06/03/2025 10:33 PM	ଅଦ୍ୟତନ 1/3 06/04/2025 09:34 AM	ଅଦ୍ୟତନ 2/3 06/04/2025 11:02 AM	ଅଦ୍ୟତନ 3/3 10/03/2025 04:36 AM
software_name	IdeaCMS	IdeaCMS	IdeaCMS	IdeaCMS
software_version	1.2/1.3/1.4/1.5/1.6/1.7	1.2/1.3/1.4/1.5/1.6/1.7	1.2/1.3/1.4/1.5/1.6/1.7	1.2/1.3/1.4/1.5/1.6/1.7
software_file	/api/v1.index.article/getList.html	/api/v1.index.article/getList.html	/api/v1.index.article/getList.html	/api/v1.index.article/getList.html
software_function	Article/Goods	Article/Goods	Article/Goods	Article/Goods
software_argument	field	field	field	field
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_rl	O	O	O	O
cvss3_vuldb_rc	C	C	C	C
advisory_identifier	ICBVWE	ICBVWE	ICBVWE	ICBVWE
advisory_url	https://gitee.com/ideacms/ideacms/issues/ICBVWE	https://gitee.com/ideacms/ideacms/issues/ICBVWE	https://gitee.com/ideacms/ideacms/issues/ICBVWE	https://gitee.com/ideacms/ideacms/issues/ICBVWE
advisory_confirm_url	https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link	https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link	https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link	https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
upgrade_version	1.8	1.8	1.8	1.8
countermeasure_upgrade_url	https://gitee.com/ideacms/ideacms/releases/tag/v1.8	https://gitee.com/ideacms/ideacms/releases/tag/v1.8	https://gitee.com/ideacms/ideacms/releases/tag/v1.8	https://gitee.com/ideacms/ideacms/releases/tag/v1.8
patch_name	935aceb4c21338633de6d41e13332f7b9db4fa6a	935aceb4c21338633de6d41e13332f7b9db4fa6a	935aceb4c21338633de6d41e13332f7b9db4fa6a	935aceb4c21338633de6d41e13332f7b9db4fa6a
countermeasure_patch_url	https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a	https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a	https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a	https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a
source_cve	CVE-2025-5569	CVE-2025-5569	CVE-2025-5569	CVE-2025-5569
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_rc	C	C	C	C
cvss2_vuldb_rl	OF	OF	OF	OF
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_e	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_e	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss4_vuldb_e	X	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0	6.0
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	6.0	6.0	6.1	7.0
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	5.3	5.3	5.3	5.3
advisory_date	1748901600 (06/03/2025)	1748901600 (06/03/2025)	1748901600 (06/03/2025)	1748901600 (06/03/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id		EUVD-2025-16845	EUVD-2025-16845	EUVD-2025-16845
cve_nvd_summary			A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.	A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			L	L
cvss4_cna_vi			L	L
cvss4_cna_va			L	L
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			5.3	5.3
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cvss3_cna_basescore			6.3	6.3
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			P	P
cvss2_cna_ii			P	P
cvss2_cna_ai			P	P
cvss2_cna_basescore			6.5	6.5
cve_nvd_summaryes				Se detectó una vulnerabilidad en IdeaCMS hasta la versión 1.7, clasificada como crítica. Este problema afecta a la función "Article/Goods" del archivo /api/v1.index.article/getList.html. La manipulación del argumento "Field" provoca una inyección SQL. El ataque puede ejecutarse en remoto. Actualizar a la versión 1.8 puede solucionar este problema. El parche se llama 935aceb4c21338633de6d41e13332f7b9db4fa6a. Se recomienda actualizar el componente afectado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!