10 matches found
CVE-2025-14245
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14245
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14245 IdeaCMS Coupon.php whereRaw SQL injection
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14245
IdeaCMS up to version 1.8 contains a SQL injection vulnerability in the whereRaw usage of Coupon.php (app/common/logic/index/Coupon.php). The root cause is improper manipulation of the params argument, enabling remote attacker input to influence SQL queries. Multiple security feeds (NVD, Red Hat,...
IdeaCMS SQL injection vulnerability
IdeaCMS is an open source shopping mall system by IdeaCMS. A SQL injection vulnerability exists in IdeaCMS version 1.8 and earlier versions, which stems from incorrect manipulation of the parameter params in the file app/common/logic/index/Coupon.php, which can lead to SQL injection...
Zuitu (最土团购) /ajax/coupon.php SQL injection vulnerability
Zuitu (最土团购): incomplete filtering in a base function leads to injection. Code in ajax/coupon.php: ...... $cid = strval($_GET['id']); // line 5 ...... $coupon = Table::FetchForce('coupon', $cid); // line 44 The id parameter is not filtered and is passed directly into FetchForce. Now look at what FetchForce is: include/library/table.class.php, line 172: static public function FetchForce($n=null, $ids=array()) { if ( empty($ids) || !$ids ) return...
ZuituGO 2.0 /ajax/coupon.php SQL injection vulnerability
No description provided by source...
SQL injection
SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action...
CVE-2010-4854
CVE-2010-4854 affects Zuitu 1.6, specifically the Ajax endpoint ajax/coupon.php. The vulnerability arises in the consume action where the id parameter can be exploited to perform SQL injection when magic_quotes_gpc is disabled. This allows remote attackers to potentially execute arbitrary SQL com...
CVE-2010-4854
SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action...