Enviar #622169: yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Executioninformación

Títuloyanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution
DescripciónThe RCE vulnerability was discovered on /collect/getArticle in latest version of ChanCMS. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code.
Fuente⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81
Usuario
 ZAST.AI (UID 87884)
Sumisión2025-07-25 03:19 (hace 8 meses)
Moderación2025-07-26 15:05 (1 day later)
EstadoAceptado
Entrada de VulDB317815 [yanyutao0402 ChanCMS hasta 3.1.2 /collect/getArticle taskUrl escalada de privilegios]
Puntos18

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!