| Titel | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution |
|---|
| Beschreibung | The RCE vulnerability was discovered on /collect/getArticle in latest version of ChanCMS. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code. |
|---|
| Quelle | ⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81 |
|---|
| Benutzer | ZAST.AI (UID 87884) |
|---|
| Einreichung | 25.07.2025 03:19 (vor 9 Monaten) |
|---|
| Moderieren | 26.07.2025 15:05 (1 day later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 317815 [yanyutao0402 ChanCMS bis 3.1.2 /collect/getArticle taskUrl erweiterte Rechte] |
|---|
| Punkte | 18 |
|---|