| Titel | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution |
|---|
| Beschreibung | The RCE vulnerability was discovered on /cms/gather/getArticle in latest version of ChanCMS. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code. |
|---|
| Quelle | ⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61 |
|---|
| Benutzer | ZAST.AI (UID 87884) |
|---|
| Einreichung | 25.07.2025 03:20 (vor 8 Monaten) |
|---|
| Moderieren | 27.07.2025 11:45 (2 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 317857 [yanyutao0402 ChanCMS bis 3.1.2 collect.js getArticle targetUrl erweiterte Rechte] |
|---|
| Punkte | 18 |
|---|