IdeaCMS Coupon.php whereRaw sql injection_CVE-2025-14245

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-14245

Source VulDB

Published Dec 8, 2025 at 12:32

Affected Product

Vendor n/a

Product IdeaCMS

Version 1.0

Affected Versions n/a IdeaCMS 1.0
n/a IdeaCMS 1.1
n/a IdeaCMS 1.2
n/a IdeaCMS 1.3
n/a IdeaCMS 1.4
n/a IdeaCMS 1.5
n/a IdeaCMS 1.6
n/a IdeaCMS 1.7
n/a IdeaCMS 1.8

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-12-08T12:32:07.920Z",
    "modified": "2025-12-08T12:32:07.920Z",
    "type": "cve",
    "title": "IdeaCMS Coupon.php whereRaw sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334755\nhttps://vuldb.com/?ctiid.334755\nhttps://vuldb.com/?submit.702437\nhttps://github.com/rassec2/dbcve/issues/17",
    "id": "CVE-2025-14245",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "n/a IdeaCMS 1.0\nn/a IdeaCMS 1.1\nn/a IdeaCMS 1.2\nn/a IdeaCMS 1.3\nn/a IdeaCMS 1.4\nn/a IdeaCMS 1.5\nn/a IdeaCMS 1.6\nn/a IdeaCMS 1.7\nn/a IdeaCMS 1.8",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "IdeaCMS",
    "version": "1.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}