Remotely Exploitable SQL Injection Vulnerability in IdeaCMS
CVE-2025-5569
5.3 MEDIUM
What is CVE-2025-5569?
A SQL injection vulnerability has been identified in IdeaCMS versions up to 1.7. This vulnerability exists in the Article/Goods function of the API endpoint /api/v1.index.article/getList.html. By manipulating the argument Field, an attacker could execute arbitrary SQL queries, potentially compromising the application's database. The vulnerability can be triggered remotely, allowing for unauthorized access and data manipulation. Users are strongly advised to upgrade to version 1.8, which includes a patch to rectify this issue. For more details, refer to the fix implemented in the commit identified by 935aceb4c21338633de6d41e13332f7b9db4fa6a.
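For defenders reviewing web server logs on an unpatched instance, the following added example (not code from IdeaCMS or from the fix commit) flags requests to the affected endpoint whose Field argument is anything other than a plain list of column names. It assumes the argument travels in the URL query string, that logs use the common combined format, and that legitimate values are comma-separated identifiers; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/api/v1.index.article/getList.html"  # path named in the advisory
# Assumption: a legitimate value is a comma-separated list of plain column names.
SAFE_FIELD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(?:,[A-Za-z_][A-Za-z0-9_]*)*")
# Request line inside a combined-format log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def field_is_safe(value: str) -> bool:
    """True only if the value is a plain identifier list (allowlist check)."""
    return SAFE_FIELD.fullmatch(value) is not None


def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each request to ENDPOINT
    whose Field argument falls outside the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path.lower() != ENDPOINT.lower():
            continue
        # parse_qsl percent-decodes each value before it is checked.
        for name, value in parse_qsl(target.query):
            if name.lower() == "field" and not field_is_safe(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2025:10:00:01 +0000] "GET /api/v1.index.article/getList.html?field=id,title&page=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jun/2025:10:00:07 +0000] "GET /api/v1.index.article/getList.html?Field=title%27 HTTP/1.1" 500 87',
    '203.0.113.9 - - [01/Jun/2025:10:00:09 +0000] "GET /api/v1.index.article/getList.html?field=id%2C%28x%29 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jun/2025:10:00:12 +0000] "GET /index.html?field=title%27 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious Field value {value!r}")
```

Access logs normally omit request bodies, so a Field value sent in a POST body will not appear in this scan and needs application-level or WAF logging instead.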
Affected Version(s)
IdeaCMS 1.2
IdeaCMS 1.3
IdeaCMS 1.4