CVE-2025-5569

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-5569
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://gitee.com/ideacms/ideacms/commit/935aceb4c21338633de6d41e13332f7b9db4fa6a
https://gitee.com/ideacms/ideacms/issues/ICBVWE
https://gitee.com/ideacms/ideacms/issues/ICBVWE#note_42016626_link
https://gitee.com/ideacms/ideacms/releases/tag/v1.8
https://vuldb.com/?ctiid.311027
https://vuldb.com/?id.311027
https://vuldb.com/?submit.588372
Configurations

No configuration.

History

04 Jun 2025, 14:54

Type Values Removed Values Added
Summary
  • (es) Se detectó una vulnerabilidad en IdeaCMS hasta la versión 1.7, clasificada como crítica. Este problema afecta a la función "Article/Goods" del archivo /api/v1.index.article/getList.html. La manipulación del argumento "Field" provoca una inyección SQL. El ataque puede ejecutarse en remoto. Actualizar a la versión 1.8 puede solucionar este problema. El parche se llama 935aceb4c21338633de6d41e13332f7b9db4fa6a. Se recomienda actualizar el componente afectado.

04 Jun 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-04 06:15

Updated : 2025-06-04 14:54

NVD link : CVE-2025-5569

Mitre link : CVE-2025-5569

CVE.ORG link : CVE-2025-5569

JSON object : View

Products Affected

No product.

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')