51 matches found
CVE-2025-5569
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is...
CVE-2025-5569
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is...
CVE-2025-5569
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is...
CVE-2025-5569 IdeaCMS getList.html Goods sql injection
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is...
CVE-2025-5569
IdeaCMS
CVE-2025-5569 IdeaCMS getList.html Goods sql injection
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is...
PT-2025-23769 · Ideacms · Ideacms
Name of the Vulnerable Software and Affected Versions: IdeaCMS versions up to 1.7 Description: A critical issue affects the function Article/Goods of the file "/api/v1.index.article/getList.html". The manipulation of the Field argument leads to SQL injection. The attack may be initiated remotely...
IdeaCMS 注入漏洞
IdeaCMS is a shopping mall system of IdeaCMS open source. IdeaCMS 1.7 and previous versions of the injection vulnerability exists, the vulnerability stems from the file / api / v1.index.article / getList.html in the parameter Field improperly handled resulting in SQL injection...
CVE-2025-4291
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-4291
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-4291
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-4291 IdeaCMS saveUpload unrestricted upload
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-4291
IdeaCMS up to version 1.6 is affected by a vulnerability in the saveUpload function that allows unrestricted file uploads. The issue enables remote exploitation and has publicly disclosed exploit information. Connected sources corroborate the vulnerability in saveUpload and describe it as critica...
CVE-2025-4291 IdeaCMS saveUpload unrestricted upload
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
IdeaCMS 代码问题漏洞
IdeaCMS is an open source shopping mall system by IdeaCMS. A code issue vulnerability exists in IdeaCMS 1.6 and earlier versions, which stems from improper handling of the function saveUpload, which can lead to arbitrary file uploads...
PT-2025-19803 · Ideacms · Ideacms
Name of the Vulnerable Software and Affected Versions: IdeaCMS versions up to 1.6 Description: A critical vulnerability was found in IdeaCMS, affecting the saveUpload function. This vulnerability allows for unrestricted upload and can be exploited remotely. The exploit has been disclosed to the...
Arbitrary file upload vulnerability in ideacms In***.php file
ideacms is a lightweight PHP+Mysql enterprise website construction system, with CI framework as the core, to create a website construction system suitable for enterprise official website, group official website and personal blog program. ideacms In.php file has an arbitrary file upload...
IdeaCMS Cross-Site Scripting Vulnerability
IdeaCMS is a PHP and MySQL based enterprise website building system. A cross-site scripting vulnerability exists in IdeaCMS 2016-04-30 and earlier versions, which can be exploited by remote attackers to inject arbitrary Web script or HTML by sending the 'kw' parameter to...
CVE-2018-16372
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued...
Cross site scripting
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued...