Search
Find a vulnerability
Search criteria
32 vulnerabilities by chancms
CVE-2025-65602 (GCVE-0-2025-65602)
Vulnerability from nvd – Published: 2025-12-10 00:00 – Updated: 2025-12-18 20:31
VLAI
Summary
A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T20:30:59.577109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T20:31:03.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T19:41:10.919Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitee.com/chancms/ChanCMS"
},
{
"url": "https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689?source=copy_link"
},
{
"url": "https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65602",
"datePublished": "2025-12-10T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-18T20:31:03.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11905 (GCVE-0-2025-11905)
Vulnerability from nvd – Published: 2025-10-17 15:32 – Updated: 2026-02-24 07:01
VLAI
Title
yanyutao0402 ChanCMS gather.js getArticle code injection
Summary
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328915 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328915 | signaturepermissions-required |
| https://vuldb.com/?submit.671338 | third-party-advisory |
| https://github.com/NarcherAlter/Security_Note/blo… | related |
| https://github.com/NarcherAlter/Security_Note/blo… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11905",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T15:50:32.884972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T15:50:45.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*"
],
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Narcher (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\\modules\\cms\\controller\\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:01:38.053Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328915 | yanyutao0402 ChanCMS gather.js getArticle code injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328915"
},
{
"name": "VDB-328915 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328915"
},
{
"name": "Submit #671338 | yanyutao0402 ChanCMS \u003c=v3.3.2 Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.671338"
},
{
"tags": [
"related"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#555"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsgathergetarticle"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T00:38:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS gather.js getArticle code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11905",
"datePublished": "2025-10-17T15:32:06.106Z",
"dateReserved": "2025-10-17T07:22:26.181Z",
"dateUpdated": "2026-02-24T07:01:38.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11904 (GCVE-0-2025-11904)
Vulnerability from nvd – Published: 2025-10-17 15:02 – Updated: 2026-02-24 07:01
VLAI
Title
yanyutao0402 ChanCMS hasUse sql injection
Summary
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328914 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328914 | signaturepermissions-required |
| https://vuldb.com/?submit.670274 | third-party-advisory |
| https://github.com/NarcherAlter/Security_Note/blo… | related |
| https://github.com/NarcherAlter/Security_Note/blo… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11904",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T15:21:36.980951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T15:21:58.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*"
],
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Narcher (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:01:24.738Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328914 | yanyutao0402 ChanCMS hasUse sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328914"
},
{
"name": "VDB-328914 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328914"
},
{
"name": "Submit #670274 | yanyutao0402 ChanCMS \u003c=3.3.2 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.670274"
},
{
"tags": [
"related"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#222"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsmodelhasuse"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T00:38:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS hasUse sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11904",
"datePublished": "2025-10-17T15:02:05.703Z",
"dateReserved": "2025-10-17T07:22:23.541Z",
"dateUpdated": "2026-02-24T07:01:24.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11903 (GCVE-0-2025-11903)
Vulnerability from nvd – Published: 2025-10-17 14:02 – Updated: 2026-02-24 07:01
VLAI
Title
yanyutao0402 ChanCMS update sql injection
Summary
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328913 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328913 | signaturepermissions-required |
| https://vuldb.com/?submit.670271 | third-party-advisory |
| https://github.com/NarcherAlter/Security_Note/blo… | related |
| https://github.com/NarcherAlter/Security_Note/blo… | exploitpatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11903",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:29:49.740306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:34:18.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*"
],
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Narcher (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:01:13.447Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328913 | yanyutao0402 ChanCMS update sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328913"
},
{
"name": "VDB-328913 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328913"
},
{
"name": "Submit #670271 | yanyutao0402 ChanCMS \u003c=3.3.2 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.670271"
},
{
"tags": [
"related"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#111"
},
{
"tags": [
"exploit",
"patch"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsarticleupdate"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T00:38:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS update sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11903",
"datePublished": "2025-10-17T14:02:07.265Z",
"dateReserved": "2025-10-17T07:22:20.885Z",
"dateUpdated": "2026-02-24T07:01:13.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11902 (GCVE-0-2025-11902)
Vulnerability from nvd – Published: 2025-10-17 14:02 – Updated: 2026-02-24 07:01
VLAI
Title
yanyutao0402 ChanCMS findField sql injection
Summary
A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328912 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328912 | signaturepermissions-required |
| https://vuldb.com/?submit.670262 | third-party-advisory |
| https://github.com/NarcherAlter/Security_Note/blo… | related |
| https://github.com/NarcherAlter/Security_Note/blo… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11902",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:40:24.672472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:40:34.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*"
],
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Narcher (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:01:02.037Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328912 | yanyutao0402 ChanCMS findField sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328912"
},
{
"name": "VDB-328912 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328912"
},
{
"name": "Submit #670262 | yanyutao0402 ChanCMS \u003c=3.3.2 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.670262"
},
{
"tags": [
"related"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsarticlefindfield"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T00:38:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS findField sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11902",
"datePublished": "2025-10-17T14:02:05.201Z",
"dateReserved": "2025-10-17T07:22:18.270Z",
"dateUpdated": "2026-02-24T07:01:02.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10211 (GCVE-0-2025-10211)
Vulnerability from nvd – Published: 2025-09-10 20:02 – Updated: 2025-09-10 20:14
VLAI
Title
yanyutao0402 ChanCMS getArticle CollectController server-side request forgery
Summary
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323484 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323484 | signaturepermissions-required |
| https://vuldb.com/?submit.639779 | third-party-advisory |
| https://github.com/August829/Yu/blob/main/58ead8e… | related |
| https://github.com/August829/Yu/blob/main/58ead8e… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10211",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:14:04.607130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:14:34.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu_Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in yanyutao0402 ChanCMS 3.3.0 gefunden. Hiervon betroffen ist die Funktion CollectController der Datei /cms/collect/getArticle. Dank der Manipulation des Arguments taskUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:02:05.846Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323484 | yanyutao0402 ChanCMS getArticle CollectController server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323484"
},
{
"name": "VDB-323484 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323484"
},
{
"name": "Submit #639779 | yanyutao0402 ChanCMS V3.3.0 Unauthorized SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.639779"
},
{
"tags": [
"related"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-10T12:29:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS getArticle CollectController server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10211",
"datePublished": "2025-09-10T20:02:05.846Z",
"dateReserved": "2025-09-10T10:24:12.178Z",
"dateUpdated": "2025-09-10T20:14:34.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10210 (GCVE-0-2025-10210)
Vulnerability from nvd – Published: 2025-09-10 19:02 – Updated: 2025-09-10 19:16
VLAI
Title
yanyutao0402 ChanCMS Api.js search sql injection
Summary
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323483 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323483 | signaturepermissions-required |
| https://vuldb.com/?submit.639777 | third-party-advisory |
| https://github.com/August829/Yu/blob/main/58ead8e… | related |
| https://github.com/August829/Yu/blob/main/58ead8e… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.0
Affected: 3.1 Affected: 3.2 Affected: 3.3.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10210",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:15:58.444066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:16:38.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu_Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In yanyutao0402 ChanCMS bis 3.3.0 ist eine Schwachstelle entdeckt worden. Davon betroffen ist die Funktion Search der Datei app/modules/api/service/Api.js. Die Bearbeitung des Arguments key verursacht sql injection. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:02:06.847Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323483 | yanyutao0402 ChanCMS Api.js search sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323483"
},
{
"name": "VDB-323483 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323483"
},
{
"name": "Submit #639777 | yanyutao0402 ChanCMS V3.3.0 Unauthorized SQL injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.639777"
},
{
"tags": [
"related"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e5.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e5.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-10T12:29:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS Api.js search sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10210",
"datePublished": "2025-09-10T19:02:06.847Z",
"dateReserved": "2025-09-10T10:23:59.240Z",
"dateUpdated": "2025-09-10T19:16:38.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10110 (GCVE-0-2025-10110)
Vulnerability from nvd – Published: 2025-09-08 22:32 – Updated: 2025-09-09 13:30
VLAI
Title
ChanCMS search sql injection
Summary
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323076 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323076 | signaturepermissions-required |
| https://vuldb.com/?submit.645383 | third-party-advisory |
| https://github.com/chujianxin0101/vuln/issues/10 | exploitissue-tracking |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10110",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:15:03.285011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:30:00.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/chujianxin0101/vuln/issues/10"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Unnlucky1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input \u0027%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in ChanCMS bis 3.3.1 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /search/. Die Ver\u00e4nderung mit dem Wert \u0027%20or%201=1%20%23/words.html resultiert in sql injection. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T22:32:09.780Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323076 | ChanCMS search sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323076"
},
{
"name": "VDB-323076 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323076"
},
{
"name": "Submit #645383 | https://gitee.com/chancms/ChanCMS ChanCMS 3.3.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645383"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/chujianxin0101/vuln/issues/10"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-08T16:20:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "ChanCMS search sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10110",
"datePublished": "2025-09-08T22:32:09.780Z",
"dateReserved": "2025-09-08T14:15:33.950Z",
"dateUpdated": "2025-09-09T13:30:00.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10106 (GCVE-0-2025-10106)
Vulnerability from nvd – Published: 2025-09-08 21:32 – Updated: 2025-09-09 13:30
VLAI
Title
yanyutao0402 ChanCMS search sql injection
Summary
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323073 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323073 | signaturepermissions-required |
| https://vuldb.com/?submit.645354 | third-party-advisory |
| https://github.com/chujianxin0101/vuln/issues/9 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10106",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:16:12.573064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:30:50.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/chujianxin0101/vuln/issues/9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Unnlucky1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in yanyutao0402 ChanCMS bis 3.3.1 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cms/collect/search. Durch das Beeinflussen des Arguments keyword mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T21:32:05.519Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323073 | yanyutao0402 ChanCMS search sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323073"
},
{
"name": "VDB-323073 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323073"
},
{
"name": "Submit #645354 | ChanCMS https://github.com/chancms/ChanCMS 3.3.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645354"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/chujianxin0101/vuln/issues/9"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-08T16:05:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS search sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10106",
"datePublished": "2025-09-08T21:32:05.519Z",
"dateReserved": "2025-09-08T14:00:48.804Z",
"dateUpdated": "2025-09-09T13:30:50.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10105 (GCVE-0-2025-10105)
Vulnerability from nvd – Published: 2025-09-08 20:32 – Updated: 2025-09-08 20:43
VLAI
Title
yanyutao0402 ChanCMS search sql injection
Summary
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323072 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323072 | signaturepermissions-required |
| https://vuldb.com/?submit.645341 | third-party-advisory |
| https://github.com/chujianxin0101/vuln/issues/8 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10105",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T20:42:57.452329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T20:43:07.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Unnlucky1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in yanyutao0402 ChanCMS bis 3.3.1 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /cms/article/search. Durch Manipulieren des Arguments keyword mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T20:32:07.660Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323072 | yanyutao0402 ChanCMS search sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323072"
},
{
"name": "VDB-323072 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323072"
},
{
"name": "Submit #645341 | ChanCMS https://gitee.com/chancms/ChanCMS 3.3.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645341"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/chujianxin0101/vuln/issues/8"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-08T16:05:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS search sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10105",
"datePublished": "2025-09-08T20:32:07.660Z",
"dateReserved": "2025-09-08T14:00:45.660Z",
"dateUpdated": "2025-09-08T20:43:07.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8266 (GCVE-0-2025-8266)
Vulnerability from nvd – Published: 2025-07-28 08:32 – Updated: 2025-07-28 16:59
VLAI
Title
yanyutao0402 ChanCMS collect.js getArticle deserialization
Summary
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317857 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317857 | signaturepermissions-required |
| https://vuldb.com/?submit.622170 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61 | exploitissue-tracking |
| https://gitee.com/yanyutao0402/ChanCMS/releases/t… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8266",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T16:58:27.329831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T16:59:30.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In yanyutao0402 ChanCMS bis 3.1.2 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion getArticle der Datei app/modules/cms/controller/collect.js. Dank Manipulation des Arguments targetUrl mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T08:32:15.139Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317857 | yanyutao0402 ChanCMS collect.js getArticle deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317857"
},
{
"name": "VDB-317857 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317857"
},
{
"name": "Submit #622170 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622170"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-27T11:50:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS collect.js getArticle deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8266",
"datePublished": "2025-07-28T08:32:15.139Z",
"dateReserved": "2025-07-27T09:45:19.857Z",
"dateUpdated": "2025-07-28T16:59:30.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8228 (GCVE-0-2025-8228)
Vulnerability from nvd – Published: 2025-07-27 09:32 – Updated: 2025-07-28 14:56
VLAI
Title
yanyutao0402 ChanCMS getPages server-side request forgery
Summary
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317816 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317816 | signaturepermissions-required |
| https://vuldb.com/?submit.622171 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP28 | exploitissue-tracking |
| https://gitee.com/yanyutao0402/ChanCMS/releases/t… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T14:56:26.803188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T14:56:29.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP28"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in yanyutao0402 ChanCMS bis 3.1.2 ausgemacht. Es geht hierbei um die Funktion getPages der Datei /cms/collect/getPages. Durch Manipulation des Arguments targetUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T09:32:15.400Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317816 | yanyutao0402 ChanCMS getPages server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317816"
},
{
"name": "VDB-317816 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317816"
},
{
"name": "Submit #622171 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622171"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP28"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T15:13:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS getPages server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8228",
"datePublished": "2025-07-27T09:32:15.400Z",
"dateReserved": "2025-07-26T13:08:17.563Z",
"dateUpdated": "2025-07-28T14:56:29.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8227 (GCVE-0-2025-8227)
Vulnerability from nvd – Published: 2025-07-27 09:02 – Updated: 2025-07-28 14:57
VLAI
Title
yanyutao0402 ChanCMS getArticle deserialization
Summary
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317815 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317815 | signaturepermissions-required |
| https://vuldb.com/?submit.622169 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81 | exploitissue-tracking |
| https://gitee.com/yanyutao0402/ChanCMS/commit/33d… | patch |
| https://gitee.com/yanyutao0402/ChanCMS/tree/V3.1.3 | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T14:57:11.198952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T14:57:17.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In yanyutao0402 ChanCMS bis 3.1.2 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /collect/getArticle. Durch die Manipulation des Arguments taskUrl mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 33d9bb464353015aaaba84e27638ac9a3912795d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T09:02:18.139Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317815 | yanyutao0402 ChanCMS getArticle deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317815"
},
{
"name": "VDB-317815 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317815"
},
{
"name": "Submit #622169 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622169"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/commit/33d9bb464353015aaaba84e27638ac9a3912795d"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/tree/V3.1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T15:10:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS getArticle deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8227",
"datePublished": "2025-07-27T09:02:18.139Z",
"dateReserved": "2025-07-26T13:05:47.291Z",
"dateUpdated": "2025-07-28T14:57:17.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8226 (GCVE-0-2025-8226)
Vulnerability from nvd – Published: 2025-07-27 08:32 – Updated: 2025-07-28 17:24
VLAI
Title
yanyutao0402 ChanCMS find information disclosure
Summary
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317814 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317814 | signaturepermissions-required |
| https://vuldb.com/?submit.622167 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP9V | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8226",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:24:43.884366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:24:57.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in yanyutao0402 ChanCMS bis 3.1.2 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /sysApp/find. Mit der Manipulation des Arguments accessKey/secretKey mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T08:32:11.711Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317814 | yanyutao0402 ChanCMS find information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317814"
},
{
"name": "VDB-317814 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317814"
},
{
"name": "Submit #622167 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622167"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP9V"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T15:10:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS find information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8226",
"datePublished": "2025-07-27T08:32:11.711Z",
"dateReserved": "2025-07-26T13:05:42.685Z",
"dateUpdated": "2025-07-28T17:24:57.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8133 (GCVE-0-2025-8133)
Vulnerability from nvd – Published: 2025-07-25 05:32 – Updated: 2025-07-27 09:45
VLAI
Title
yanyutao0402 ChanCMS gather.js getArticle server-side request forgery
Summary
A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The identifier of the patch is 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317529 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317529 | signaturepermissions-required |
| https://vuldb.com/?submit.619777 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP1K | exploitissue-tracking |
| https://gitee.com/yanyutao0402/ChanCMS/commit/3ef… | patch |
| https://gitee.com/yanyutao0402/ChanCMS/releases/t… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8133",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T11:49:20.335411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T11:49:48.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP1K"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The identifier of the patch is 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in yanyutao0402 ChanCMS bis 3.1.2 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion getArticle der Datei app/modules/api/service/gather.js. Durch die Manipulation des Arguments targetUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T09:45:47.498Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317529 | yanyutao0402 ChanCMS gather.js getArticle server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317529"
},
{
"name": "VDB-317529 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317529"
},
{
"name": "Submit #619777 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619777"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP1K"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/commit/3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T16:03:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS gather.js getArticle server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8133",
"datePublished": "2025-07-25T05:32:20.216Z",
"dateReserved": "2025-07-24T15:44:03.015Z",
"dateUpdated": "2025-07-27T09:45:47.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-65602 (GCVE-0-2025-65602)
Vulnerability from cvelistv5 – Published: 2025-12-10 00:00 – Updated: 2025-12-18 20:31
VLAI
Summary
A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T20:30:59.577109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T20:31:03.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T19:41:10.919Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitee.com/chancms/ChanCMS"
},
{
"url": "https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689?source=copy_link"
},
{
"url": "https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65602",
"datePublished": "2025-12-10T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-18T20:31:03.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11905 (GCVE-0-2025-11905)
Vulnerability from cvelistv5 – Published: 2025-10-17 15:32 – Updated: 2026-02-24 07:01
VLAI
Title
yanyutao0402 ChanCMS gather.js getArticle code injection
Summary
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328915 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328915 | signaturepermissions-required |
| https://vuldb.com/?submit.671338 | third-party-advisory |
| https://github.com/NarcherAlter/Security_Note/blo… | related |
| https://github.com/NarcherAlter/Security_Note/blo… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11905",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T15:50:32.884972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T15:50:45.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*"
],
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Narcher (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\\modules\\cms\\controller\\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:01:38.053Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328915 | yanyutao0402 ChanCMS gather.js getArticle code injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328915"
},
{
"name": "VDB-328915 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328915"
},
{
"name": "Submit #671338 | yanyutao0402 ChanCMS \u003c=v3.3.2 Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.671338"
},
{
"tags": [
"related"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#555"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsgathergetarticle"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T00:38:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS gather.js getArticle code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11905",
"datePublished": "2025-10-17T15:32:06.106Z",
"dateReserved": "2025-10-17T07:22:26.181Z",
"dateUpdated": "2026-02-24T07:01:38.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11904 (GCVE-0-2025-11904)
Vulnerability from cvelistv5 – Published: 2025-10-17 15:02 – Updated: 2026-02-24 07:01
VLAI
Title
yanyutao0402 ChanCMS hasUse sql injection
Summary
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328914 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328914 | signaturepermissions-required |
| https://vuldb.com/?submit.670274 | third-party-advisory |
| https://github.com/NarcherAlter/Security_Note/blo… | related |
| https://github.com/NarcherAlter/Security_Note/blo… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11904",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T15:21:36.980951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T15:21:58.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*"
],
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Narcher (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:01:24.738Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328914 | yanyutao0402 ChanCMS hasUse sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328914"
},
{
"name": "VDB-328914 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328914"
},
{
"name": "Submit #670274 | yanyutao0402 ChanCMS \u003c=3.3.2 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.670274"
},
{
"tags": [
"related"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#222"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsmodelhasuse"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T00:38:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS hasUse sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11904",
"datePublished": "2025-10-17T15:02:05.703Z",
"dateReserved": "2025-10-17T07:22:23.541Z",
"dateUpdated": "2026-02-24T07:01:24.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11903 (GCVE-0-2025-11903)
Vulnerability from cvelistv5 – Published: 2025-10-17 14:02 – Updated: 2026-02-24 07:01
VLAI
Title
yanyutao0402 ChanCMS update sql injection
Summary
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328913 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328913 | signaturepermissions-required |
| https://vuldb.com/?submit.670271 | third-party-advisory |
| https://github.com/NarcherAlter/Security_Note/blo… | related |
| https://github.com/NarcherAlter/Security_Note/blo… | exploitpatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11903",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:29:49.740306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:34:18.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*"
],
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Narcher (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:01:13.447Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328913 | yanyutao0402 ChanCMS update sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328913"
},
{
"name": "VDB-328913 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328913"
},
{
"name": "Submit #670271 | yanyutao0402 ChanCMS \u003c=3.3.2 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.670271"
},
{
"tags": [
"related"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#111"
},
{
"tags": [
"exploit",
"patch"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsarticleupdate"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T00:38:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS update sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11903",
"datePublished": "2025-10-17T14:02:07.265Z",
"dateReserved": "2025-10-17T07:22:20.885Z",
"dateUpdated": "2026-02-24T07:01:13.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11902 (GCVE-0-2025-11902)
Vulnerability from cvelistv5 – Published: 2025-10-17 14:02 – Updated: 2026-02-24 07:01
VLAI
Title
yanyutao0402 ChanCMS findField sql injection
Summary
A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328912 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328912 | signaturepermissions-required |
| https://vuldb.com/?submit.670262 | third-party-advisory |
| https://github.com/NarcherAlter/Security_Note/blo… | related |
| https://github.com/NarcherAlter/Security_Note/blo… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11902",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:40:24.672472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:40:34.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*"
],
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Narcher (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:01:02.037Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328912 | yanyutao0402 ChanCMS findField sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328912"
},
{
"name": "VDB-328912 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328912"
},
{
"name": "Submit #670262 | yanyutao0402 ChanCMS \u003c=3.3.2 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.670262"
},
{
"tags": [
"related"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsarticlefindfield"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-25T00:38:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS findField sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11902",
"datePublished": "2025-10-17T14:02:05.201Z",
"dateReserved": "2025-10-17T07:22:18.270Z",
"dateUpdated": "2026-02-24T07:01:02.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10211 (GCVE-0-2025-10211)
Vulnerability from cvelistv5 – Published: 2025-09-10 20:02 – Updated: 2025-09-10 20:14
VLAI
Title
yanyutao0402 ChanCMS getArticle CollectController server-side request forgery
Summary
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323484 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323484 | signaturepermissions-required |
| https://vuldb.com/?submit.639779 | third-party-advisory |
| https://github.com/August829/Yu/blob/main/58ead8e… | related |
| https://github.com/August829/Yu/blob/main/58ead8e… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10211",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:14:04.607130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:14:34.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu_Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in yanyutao0402 ChanCMS 3.3.0 gefunden. Hiervon betroffen ist die Funktion CollectController der Datei /cms/collect/getArticle. Dank der Manipulation des Arguments taskUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:02:05.846Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323484 | yanyutao0402 ChanCMS getArticle CollectController server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323484"
},
{
"name": "VDB-323484 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323484"
},
{
"name": "Submit #639779 | yanyutao0402 ChanCMS V3.3.0 Unauthorized SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.639779"
},
{
"tags": [
"related"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-10T12:29:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS getArticle CollectController server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10211",
"datePublished": "2025-09-10T20:02:05.846Z",
"dateReserved": "2025-09-10T10:24:12.178Z",
"dateUpdated": "2025-09-10T20:14:34.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10210 (GCVE-0-2025-10210)
Vulnerability from cvelistv5 – Published: 2025-09-10 19:02 – Updated: 2025-09-10 19:16
VLAI
Title
yanyutao0402 ChanCMS Api.js search sql injection
Summary
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323483 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323483 | signaturepermissions-required |
| https://vuldb.com/?submit.639777 | third-party-advisory |
| https://github.com/August829/Yu/blob/main/58ead8e… | related |
| https://github.com/August829/Yu/blob/main/58ead8e… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.0
Affected: 3.1 Affected: 3.2 Affected: 3.3.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10210",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:15:58.444066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:16:38.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu_Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In yanyutao0402 ChanCMS bis 3.3.0 ist eine Schwachstelle entdeckt worden. Davon betroffen ist die Funktion Search der Datei app/modules/api/service/Api.js. Die Bearbeitung des Arguments key verursacht sql injection. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:02:06.847Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323483 | yanyutao0402 ChanCMS Api.js search sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323483"
},
{
"name": "VDB-323483 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323483"
},
{
"name": "Submit #639777 | yanyutao0402 ChanCMS V3.3.0 Unauthorized SQL injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.639777"
},
{
"tags": [
"related"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e5.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e5.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-10T12:29:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS Api.js search sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10210",
"datePublished": "2025-09-10T19:02:06.847Z",
"dateReserved": "2025-09-10T10:23:59.240Z",
"dateUpdated": "2025-09-10T19:16:38.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10110 (GCVE-0-2025-10110)
Vulnerability from cvelistv5 – Published: 2025-09-08 22:32 – Updated: 2025-09-09 13:30
VLAI
Title
ChanCMS search sql injection
Summary
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323076 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323076 | signaturepermissions-required |
| https://vuldb.com/?submit.645383 | third-party-advisory |
| https://github.com/chujianxin0101/vuln/issues/10 | exploitissue-tracking |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10110",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:15:03.285011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:30:00.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/chujianxin0101/vuln/issues/10"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Unnlucky1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input \u0027%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in ChanCMS bis 3.3.1 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /search/. Die Ver\u00e4nderung mit dem Wert \u0027%20or%201=1%20%23/words.html resultiert in sql injection. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T22:32:09.780Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323076 | ChanCMS search sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323076"
},
{
"name": "VDB-323076 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323076"
},
{
"name": "Submit #645383 | https://gitee.com/chancms/ChanCMS ChanCMS 3.3.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645383"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/chujianxin0101/vuln/issues/10"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-08T16:20:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "ChanCMS search sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10110",
"datePublished": "2025-09-08T22:32:09.780Z",
"dateReserved": "2025-09-08T14:15:33.950Z",
"dateUpdated": "2025-09-09T13:30:00.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10106 (GCVE-0-2025-10106)
Vulnerability from cvelistv5 – Published: 2025-09-08 21:32 – Updated: 2025-09-09 13:30
VLAI
Title
yanyutao0402 ChanCMS search sql injection
Summary
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323073 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323073 | signaturepermissions-required |
| https://vuldb.com/?submit.645354 | third-party-advisory |
| https://github.com/chujianxin0101/vuln/issues/9 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10106",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:16:12.573064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:30:50.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/chujianxin0101/vuln/issues/9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Unnlucky1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in yanyutao0402 ChanCMS bis 3.3.1 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cms/collect/search. Durch das Beeinflussen des Arguments keyword mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T21:32:05.519Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323073 | yanyutao0402 ChanCMS search sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323073"
},
{
"name": "VDB-323073 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323073"
},
{
"name": "Submit #645354 | ChanCMS https://github.com/chancms/ChanCMS 3.3.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645354"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/chujianxin0101/vuln/issues/9"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-08T16:05:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS search sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10106",
"datePublished": "2025-09-08T21:32:05.519Z",
"dateReserved": "2025-09-08T14:00:48.804Z",
"dateUpdated": "2025-09-09T13:30:50.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10105 (GCVE-0-2025-10105)
Vulnerability from cvelistv5 – Published: 2025-09-08 20:32 – Updated: 2025-09-08 20:43
VLAI
Title
yanyutao0402 ChanCMS search sql injection
Summary
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323072 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323072 | signaturepermissions-required |
| https://vuldb.com/?submit.645341 | third-party-advisory |
| https://github.com/chujianxin0101/vuln/issues/8 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.3.0
Affected: 3.3.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10105",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T20:42:57.452329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T20:43:07.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Unnlucky1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in yanyutao0402 ChanCMS bis 3.3.1 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /cms/article/search. Durch Manipulieren des Arguments keyword mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T20:32:07.660Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323072 | yanyutao0402 ChanCMS search sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323072"
},
{
"name": "VDB-323072 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323072"
},
{
"name": "Submit #645341 | ChanCMS https://gitee.com/chancms/ChanCMS 3.3.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.645341"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/chujianxin0101/vuln/issues/8"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-08T16:05:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS search sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10105",
"datePublished": "2025-09-08T20:32:07.660Z",
"dateReserved": "2025-09-08T14:00:45.660Z",
"dateUpdated": "2025-09-08T20:43:07.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8266 (GCVE-0-2025-8266)
Vulnerability from cvelistv5 – Published: 2025-07-28 08:32 – Updated: 2025-07-28 16:59
VLAI
Title
yanyutao0402 ChanCMS collect.js getArticle deserialization
Summary
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317857 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317857 | signaturepermissions-required |
| https://vuldb.com/?submit.622170 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61 | exploitissue-tracking |
| https://gitee.com/yanyutao0402/ChanCMS/releases/t… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8266",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T16:58:27.329831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T16:59:30.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In yanyutao0402 ChanCMS bis 3.1.2 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion getArticle der Datei app/modules/cms/controller/collect.js. Dank Manipulation des Arguments targetUrl mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T08:32:15.139Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317857 | yanyutao0402 ChanCMS collect.js getArticle deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317857"
},
{
"name": "VDB-317857 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317857"
},
{
"name": "Submit #622170 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622170"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-27T11:50:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS collect.js getArticle deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8266",
"datePublished": "2025-07-28T08:32:15.139Z",
"dateReserved": "2025-07-27T09:45:19.857Z",
"dateUpdated": "2025-07-28T16:59:30.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8228 (GCVE-0-2025-8228)
Vulnerability from cvelistv5 – Published: 2025-07-27 09:32 – Updated: 2025-07-28 14:56
VLAI
Title
yanyutao0402 ChanCMS getPages server-side request forgery
Summary
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317816 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317816 | signaturepermissions-required |
| https://vuldb.com/?submit.622171 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP28 | exploitissue-tracking |
| https://gitee.com/yanyutao0402/ChanCMS/releases/t… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T14:56:26.803188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T14:56:29.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP28"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in yanyutao0402 ChanCMS bis 3.1.2 ausgemacht. Es geht hierbei um die Funktion getPages der Datei /cms/collect/getPages. Durch Manipulation des Arguments targetUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T09:32:15.400Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317816 | yanyutao0402 ChanCMS getPages server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317816"
},
{
"name": "VDB-317816 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317816"
},
{
"name": "Submit #622171 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622171"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP28"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T15:13:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS getPages server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8228",
"datePublished": "2025-07-27T09:32:15.400Z",
"dateReserved": "2025-07-26T13:08:17.563Z",
"dateUpdated": "2025-07-28T14:56:29.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8227 (GCVE-0-2025-8227)
Vulnerability from cvelistv5 – Published: 2025-07-27 09:02 – Updated: 2025-07-28 14:57
VLAI
Title
yanyutao0402 ChanCMS getArticle deserialization
Summary
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317815 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317815 | signaturepermissions-required |
| https://vuldb.com/?submit.622169 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81 | exploitissue-tracking |
| https://gitee.com/yanyutao0402/ChanCMS/commit/33d… | patch |
| https://gitee.com/yanyutao0402/ChanCMS/tree/V3.1.3 | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T14:57:11.198952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T14:57:17.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In yanyutao0402 ChanCMS bis 3.1.2 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /collect/getArticle. Durch die Manipulation des Arguments taskUrl mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 33d9bb464353015aaaba84e27638ac9a3912795d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T09:02:18.139Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317815 | yanyutao0402 ChanCMS getArticle deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317815"
},
{
"name": "VDB-317815 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317815"
},
{
"name": "Submit #622169 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622169"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/commit/33d9bb464353015aaaba84e27638ac9a3912795d"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/tree/V3.1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T15:10:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS getArticle deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8227",
"datePublished": "2025-07-27T09:02:18.139Z",
"dateReserved": "2025-07-26T13:05:47.291Z",
"dateUpdated": "2025-07-28T14:57:17.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8226 (GCVE-0-2025-8226)
Vulnerability from cvelistv5 – Published: 2025-07-27 08:32 – Updated: 2025-07-28 17:24
VLAI
Title
yanyutao0402 ChanCMS find information disclosure
Summary
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317814 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317814 | signaturepermissions-required |
| https://vuldb.com/?submit.622167 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP9V | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8226",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:24:43.884366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:24:57.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in yanyutao0402 ChanCMS bis 3.1.2 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /sysApp/find. Mit der Manipulation des Arguments accessKey/secretKey mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T08:32:11.711Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317814 | yanyutao0402 ChanCMS find information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317814"
},
{
"name": "VDB-317814 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317814"
},
{
"name": "Submit #622167 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622167"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP9V"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T15:10:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS find information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8226",
"datePublished": "2025-07-27T08:32:11.711Z",
"dateReserved": "2025-07-26T13:05:42.685Z",
"dateUpdated": "2025-07-28T17:24:57.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8133 (GCVE-0-2025-8133)
Vulnerability from cvelistv5 – Published: 2025-07-25 05:32 – Updated: 2025-07-27 09:45
VLAI
Title
yanyutao0402 ChanCMS gather.js getArticle server-side request forgery
Summary
A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The identifier of the patch is 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317529 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317529 | signaturepermissions-required |
| https://vuldb.com/?submit.619777 | third-party-advisory |
| https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP1K | exploitissue-tracking |
| https://gitee.com/yanyutao0402/ChanCMS/commit/3ef… | patch |
| https://gitee.com/yanyutao0402/ChanCMS/releases/t… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yanyutao0402 | ChanCMS |
Affected:
3.1.0
Affected: 3.1.1 Affected: 3.1.2 Unaffected: 3.1.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8133",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T11:49:20.335411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T11:49:48.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP1K"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChanCMS",
"vendor": "yanyutao0402",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "unaffected",
"version": "3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The identifier of the patch is 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in yanyutao0402 ChanCMS bis 3.1.2 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion getArticle der Datei app/modules/api/service/gather.js. Durch die Manipulation des Arguments targetUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T09:45:47.498Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317529 | yanyutao0402 ChanCMS gather.js getArticle server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317529"
},
{
"name": "VDB-317529 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317529"
},
{
"name": "Submit #619777 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS \u003c3.1.3 SSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619777"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP1K"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/commit/3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6"
},
{
"tags": [
"patch"
],
"url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T16:03:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "yanyutao0402 ChanCMS gather.js getArticle server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8133",
"datePublished": "2025-07-25T05:32:20.216Z",
"dateReserved": "2025-07-24T15:44:03.015Z",
"dateUpdated": "2025-07-27T09:45:47.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}