CVE-2025-11331

Name of the Vulnerable Software and Affected Versions IdeaCMS versions up to 1.8

Description A command injection issue exists in IdeaCMS. The issue is located in an unknown function within the app/common/logic/admin/Config.php file of the Website Name Handler component. Manipulation of the 网站名称 argument can lead to remote command injection. The exploit has been publicly released, and the vendor was notified but did not respond.

Recommendations Versions prior to 1.9 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.