Ideacms · Ideacms · CVE-2025-5569
**Name of the Vulnerable Software and Affected Versions**
IdeaCMS versions up to 1.7
**Description**
A critical issue affects the function Article/Goods of the file "/api/v1.index.article/getList.html". Manipulating the `Field` argument leads to SQL injection, and the attack can be initiated remotely. A significant number of devices worldwide could potentially be affected, but the exact number is not specified. There is no information about real-world incidents in which this issue was exploited.
**Recommendations**
For IdeaCMS versions up to 1.7, upgrade to version 1.8 to address this issue. As a temporary workaround until the upgrade is applied, consider restricting access to the "/api/v1.index.article/getList.html" endpoint or blocking requests that manipulate the `Field` argument.
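
To check whether the endpoint has already received manipulated `Field` values, the access log can be triaged with a script like the following. This is an added example, not code from the advisory or from IdeaCMS. It assumes the argument arrives in the query string, that a legitimate value is a comma-separated list of column names, and that the server writes common/combined log format; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/api/v1.index.article/getList.html"  # path named in the advisory
# Assumption: a legitimate Field value is a comma-separated list of column names.
SAFE_FIELD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\s*,\s*[A-Za-z_][A-Za-z0-9_]*)*")
# Assumption: common/combined log format (client first, request line quoted).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def field_values(target):
    """Return URL-decoded Field values if the request target hits ENDPOINT."""
    parts = urlsplit(target)
    if parts.path.lower() != ENDPOINT.lower():
        return []
    # Parameter name compared case-insensitively (its exact case is an assumption).
    return [v for k, v in parse_qsl(parts.query) if k.lower() == "field"]

def is_suspicious(value):
    """True when the value is anything other than a plain column list."""
    return SAFE_FIELD.fullmatch(value) is None

def scan(lines):
    """Return (line_number, client, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, target = match.groups()
        for value in field_values(target):
            if is_suspicious(value):
                hits.append((number, client, value))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2025:10:00:01 +0000] "GET /api/v1.index.article/getList.html?page=1&Field=id,title HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2025:10:00:05 +0000] "GET /api/v1.index.article/getList.html?Field=title%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jun/2025:10:00:09 +0000] "GET /api/v1.index.article/getList.html?field=id%2C%28select+1%29 HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Jun/2025:10:00:12 +0000] "GET /index.html?Field=x%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent Field={value!r}")
```

Access logs normally do not record request bodies, so values sent in a POST body will not appear here. The same allowlist pattern can be used in a reverse-proxy or WAF rule to reject such requests until version 1.8 is installed.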