CVE-2025-14245

Summary

A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
n/aIdeaCMS1.0affected
n/aIdeaCMS1.1affected
n/aIdeaCMS1.2affected
n/aIdeaCMS1.3affected
n/aIdeaCMS1.4affected
n/aIdeaCMS1.5affected
n/aIdeaCMS1.6affected
n/aIdeaCMS1.7affected
n/aIdeaCMS1.8affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References