| Titel | yanyutao0402 ChanCMS <=v3.3.2 Code Injection |
|---|
| Beschreibung | The `getArticle` function in `app\modules\cms\controller\gather.js` does not perform any validation or protection on the input parameters, which can lead to code injection and subsequently result in remote command execution after login. |
|---|
| Quelle | ⚠️ https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#555 |
|---|
| Benutzer | Narcher (UID 91355) |
|---|
| Einreichung | 08.10.2025 09:40 (vor 9 Monaten) |
|---|
| Moderieren | 17.10.2025 09:22 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 328915 [yanyutao0402 ChanCMS bis 3.3.2 gather.js getArticle erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|