PT-2025-23769 · Ideacms · Ideacms

Johndoe245 · Published 2025-06-04 · Updated 2025-06-22 · CVE-2025-5569

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: IdeaCMS versions up to 1.7

Description: A critical issue affects the function Article/Goods of the file "/api/v1.index.article/getList.html". The manipulation of the Field argument leads to SQL injection. The attack may be initiated remotely. It is estimated that a significant number of devices worldwide could potentially be affected, but the exact number is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations: For IdeaCMS versions up to 1.7, upgrade to version 1.8 to address this issue. As a temporary workaround, consider restricting access to the "/api/v1.index.article/getList.html" endpoint or avoiding the manipulation of the Field argument until the upgrade is applied.

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-5569

Affected Products: Ideacms