51 matches found
IdeaCMS <= 1.7 - SQL Injection
IdeaCMS up to 1.7 is vulnerable to SQL injection via the field parameter in article and product query interfaces. This template uses a time-based payload to safely detect the vulnerability. id: CVE-2025-5569 info: name: IdeaCMS = 1.7 - SQL Injection author: ritikchaddha severity: critical...
CVE-2025-14245
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14245
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14245
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14245 IdeaCMS Coupon.php whereRaw sql injection
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14245 IdeaCMS Coupon.php whereRaw sql injection
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
EUVD-2025-201709
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14245
IdeaCMS up to version 1.8 contains a SQL injection vulnerability in the whereRaw usage of Coupon.php (app/common/logic/index/Coupon.php). The root cause is improper manipulation of the params argument, enabling remote attacker input to influence SQL queries. Multiple security feeds (NVD, Red Hat,...
PT-2025-49552
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
IdeaCMS SQL注入漏洞
IdeaCMS is an open source shopping mall system by IdeaCMS. A SQL injection vulnerability exists in IdeaCMS version 1.8 and earlier versions, which stems from incorrect manipulation of params in the parameter params in the file app/common/logic/index/Coupon.php, which can lead to SQL injection...
CVE-2025-11331
A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...
EUVD-2018-8218
Malware in sbrugna...
CVE-2025-11331 IdeaCMS Website Name Config.php command injection
A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...
EUVD-2025-32529
A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...
CVE-2025-11331 IdeaCMS Website Name Config.php command injection
A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...
CVE-2025-11331
IdeaCMS up to version 1.8 contains a command injection in the Website Name Handler component, via the argument 网站名称 manipulated in app/common/logic/admin/Config.php. The vulnerability arises from an unknown function handling that input, enabling remote execution after exploitation. Public exploit...
IdeaCMS 命令注入漏洞
IdeaCMS is an open source shopping mall system by IdeaCMS. A command injection vulnerability exists in IdeaCMS 1.8 and earlier versions, which stems from incorrect manipulation of the parameter site name in the file app/common/logic/admin/Config.php, which could lead to a command injection attack...
PT-2025-40888
Name of the Vulnerable Software and Affected Versions IdeaCMS versions up to 1.8 Description A command injection issue exists in IdeaCMS. The issue is located in an unknown function within the app/common/logic/admin/Config.php file of the Website Name Handler component. Manipulation of the 网站名称...
EUVD-2025-13399
Malicious code in bioql PyPI...
EUVD-2025-16845
Malicious code in bioql PyPI...