VDB-311027 · CVE-2025-5569 · ICBVWE

IdeaCMS Dok 1.7 getList.html Article/Goods Polje SKL injekcija

Identifikovana je ranjivost klasifikovana kao Kritične u IdeaCMS Dok 1.7. Obuhvaćeno je funkcija Article/Goods u fajlu /api/v1.index.article/getList.html. Promena parametra Polje uzrokuje SKL injekcija. Korišćenjem CWE za opis problema dolazi se do CWE-89. Objava slabosti je izvršena 06/03/2025 kao ICBVWE. Izveštaj je dostupan za preuzimanje na gitee.com. Ova ranjivost je poznata pod oznakom CVE-2025-5569. Napad je moguće izvršiti sa udaljene lokacije. Napad zahteva pristup lokalnoj mreži. Tehnički podaci su dostupni. Нема доступног експлоита. U ovom trenutku, trenutna cena za eksploataciju može iznositi oko USD $0-$5k. Prema MITRE ATT&CK projektu, tehnika napada je T1505. Definisano je kao nije definisano. Kao 0-day, očekivana cena na crnom tržištu bila je oko $0-$5k. Prelaskom na verziju 1.8 ovaj problem može biti rešen. Ažuriranje je spremno za preuzimanje na gitee.com. Zakrpa se zove 935aceb4c21338633de6d41e13332f7b9db4fa6a. Popravka je dostupna za preuzimanje na gitee.com. Preporučuje se da se nadogradi relevantna komponenta. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

4 Promene · 102 Tačke podataka

Polje	Kreirali 06/03/2025 22:33	Ažurira 1/3 06/04/2025 09:34	Ažurira 2/3 06/04/2025 11:02	Ažurira 3/3 10/03/2025 04:36
software_name	IdeaCMS	IdeaCMS	IdeaCMS	IdeaCMS
software_version	1.2/1.3/1.4/1.5/1.6/1.7	1.2/1.3/1.4/1.5/1.6/1.7	1.2/1.3/1.4/1.5/1.6/1.7	1.2/1.3/1.4/1.5/1.6/1.7
software_file	/api/v1.index.article/getList.html	/api/v1.index.article/getList.html	/api/v1.index.article/getList.html	/api/v1.index.article/getList.html
software_function	Article/Goods	Article/Goods	Article/Goods	Article/Goods
software_argument	field	field	field	field
vulnerability_cwe	CWE-89 (SKL injekcija)	CWE-89 (SKL injekcija)	CWE-89 (SKL injekcija)	CWE-89 (SKL injekcija)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_rl	O	O	O	O
cvss3_vuldb_rc	C	C	C	C
advisory_identifier	ICBVWE	ICBVWE	ICBVWE	ICBVWE
advisory_url	https://gitee.com/ideacms/ideacms/issues/ICBVWE	https://gitee.com/ideacms/ideacms/issues/ICBVWE	https://gitee.com/ideacms/ideacms/issues/ICBVWE	https://gitee.com/ideacms/ideacms/issues/ICBVWE
advisory_confirm_url	https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link	https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link	https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link	https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link
countermeasure_name	Nadogradnju	Nadogradnju	Nadogradnju	Nadogradnju
upgrade_version	1.8	1.8	1.8	1.8
countermeasure_upgrade_url	https://gitee.com/ideacms/ideacms/releases/tag/v1.8	https://gitee.com/ideacms/ideacms/releases/tag/v1.8	https://gitee.com/ideacms/ideacms/releases/tag/v1.8	https://gitee.com/ideacms/ideacms/releases/tag/v1.8
patch_name	935aceb4c21338633de6d41e13332f7b9db4fa6a	935aceb4c21338633de6d41e13332f7b9db4fa6a	935aceb4c21338633de6d41e13332f7b9db4fa6a	935aceb4c21338633de6d41e13332f7b9db4fa6a
countermeasure_patch_url	https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a	https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a	https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a	https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a
source_cve	CVE-2025-5569	CVE-2025-5569	CVE-2025-5569	CVE-2025-5569
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_rc	C	C	C	C
cvss2_vuldb_rl	OF	OF	OF	OF
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_e	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_e	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss4_vuldb_e	X	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0	6.0
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	6.0	6.0	6.1	7.0
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	5.3	5.3	5.3	5.3
advisory_date	1748901600 (06/03/2025)	1748901600 (06/03/2025)	1748901600 (06/03/2025)	1748901600 (06/03/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id		EUVD-2025-16845	EUVD-2025-16845	EUVD-2025-16845
cve_nvd_summary			A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.	A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			L	L
cvss4_cna_vi			L	L
cvss4_cna_va			L	L
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			5.3	5.3
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cvss3_cna_basescore			6.3	6.3
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			P	P
cvss2_cna_ii			P	P
cvss2_cna_ai			P	P
cvss2_cna_basescore			6.5	6.5
cve_nvd_summaryes				Se detectó una vulnerabilidad en IdeaCMS hasta la versión 1.7, clasificada como crítica. Este problema afecta a la función "Article/Goods" del archivo /api/v1.index.article/getList.html. La manipulación del argumento "Field" provoca una inyección SQL. El ataque puede ejecutarse en remoto. Actualizar a la versión 1.8 puede solucionar este problema. El parche se llama 935aceb4c21338633de6d41e13332f7b9db4fa6a. Se recomienda actualizar el componente afectado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ Prethodne Pregled Sledeжi ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!