IdeaCMS
CVE-2025-11331
LOW
Severity by source (CVSS 4.0 vector, NVD):
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (source: CVE.org)
A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI-generated)
Command injection in IdeaCMS up to version 1.8 allows high-privileged remote attackers to execute arbitrary system commands via manipulation of the 网站名称 (website name) parameter in the Website Name Handler component. The vulnerability exists in app/common/logic/admin/Config.php and requires high-privilege credentials but has publicly available exploit code and carries notable risk given the vendor's non-responsiveness to early disclosure.
Technical Context (AI-generated)
The vulnerability is a classic command injection flaw (CWE-74) in a PHP-based CMS. The Website Name Handler in Config.php does not sanitize or validate the user-supplied 网站名称 parameter before it reaches a system command execution function (likely shell_exec, system, passthru, or a similar PHP function; the advisory does not name the call). The attack vector is network-based with low complexity, meaning the vulnerable code path is readily reachable once a session exists, but exploitation requires high-privilege administrator credentials. The application most likely builds the shell command by concatenating the unsanitized value into a command string, so shell metacharacters in the value are interpreted by the shell rather than treated as part of the site name.
Remediation (AI-generated)
No vendor-released patch is available because the vendor did not respond to the early disclosure notification. Immediate mitigation steps:
(1) Restrict administrative access in IdeaCMS to trusted, internally managed accounts, and disable or remove unused admin accounts.
(2) Apply network-level access controls so the admin login endpoints are reachable only from specific IP ranges or over VPN.
(3) If you have source-code access, add input validation and sanitization at the application level: validate the 网站名称 parameter against an allow-list of expected characters, keep the value out of any command string (pass it as data rather than interpolating it into a command), and where a shell call is unavoidable wrap the value with PHP's escapeshellarg() (or escapeshellcmd() for a whole command).
(4) If a deployment of version 1.8 is business-critical and the vendor remains unresponsive, consider migrating to a maintained alternative CMS.
(5) Monitor admin authentication logs and command execution logs for suspicious activity.
Organizations should evaluate whether the IdeaCMS project has been abandoned and plan migration accordingly.
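The input handling that the Technical Context and Remediation sections describe, as an added PHP example that is not IdeaCMS code and does not reproduce the vulnerable function (the page does not show it): an allow-list validator for the site-name value, a storage path that never involves a shell, and, for the case where a shell step is genuinely unavoidable, the escapeshellarg() pattern. The function names, the config path and the /usr/local/bin/update-site-name tool are assumptions; the mbstring extension is assumed to be available.

```php
<?php
// Added illustration, not IdeaCMS code. Function names, paths and the
// external tool are assumptions made for this example.
declare(strict_types=1);

const SITE_NAME_MAX_LEN = 100;

/**
 * Allow-list validation of the admin-supplied site name (网站名称).
 * Accepts letters of any script (so CJK names pass), digits, spaces and
 * a small punctuation set; rejects everything else, including shell
 * metacharacters, quotes and newlines. Requires mbstring (assumption).
 */
function validate_site_name(string $name): bool
{
    $name = trim($name);
    if ($name === '' || mb_strlen($name, 'UTF-8') > SITE_NAME_MAX_LEN) {
        return false;
    }
    // \p{L} = any Unicode letter, \p{N} = any Unicode number; /u for UTF-8.
    return preg_match('/^[\p{L}\p{N} ._\-]+$/u', $name) === 1;
}

/**
 * The unsafe pattern the advisory describes: the value is interpolated
 * into a command string, so the shell interprets any metacharacters it
 * contains. Shown only for contrast with the functions below; never use it.
 */
function unsafe_site_name_command(string $name): string
{
    return 'echo ' . $name . ' > /var/www/site/name.txt'; // injectable
}

/**
 * Preferred fix: keep the value out of any shell entirely. The name is
 * configuration data, so persist it with PHP file functions.
 */
function store_site_name(string $name, string $configPath): bool
{
    if (!validate_site_name($name)) {
        return false;
    }
    $payload = json_encode(['site_name' => trim($name)], JSON_UNESCAPED_UNICODE);
    if ($payload === false) {
        return false;
    }
    return file_put_contents($configPath, $payload, LOCK_EX) !== false;
}

/**
 * Fallback when a shell call cannot be avoided: validate first, then pass
 * the value as a single quoted argument via escapeshellarg(). The command
 * itself is a constant; only the argument is user-controlled.
 */
function build_safe_site_name_command(string $name): ?string
{
    if (!validate_site_name($name)) {
        return null;
    }
    // Hypothetical helper tool; replace with the real command in use.
    return '/usr/local/bin/update-site-name ' . escapeshellarg(trim($name));
}

// Usage: a plain name is accepted, a name carrying an ampersand is refused.
var_dump(validate_site_name('My Site 网站'));
var_dump(validate_site_name('Site & Co'));
var_dump(store_site_name('My Site 网站', sys_get_temp_dir() . '/site-config.json'));
var_dump(build_safe_site_name_command('My Site 网站'));
```

Validation runs before either sink, so a rejected value is logged as a failed save rather than reaching a shell; the escapeshellarg() fallback is a second layer, not a substitute for keeping the value out of command strings in the first place.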