Enviar #622170: yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Executioninformación

Títuloyanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution
DescripciónThe RCE vulnerability was discovered on /cms/gather/getArticle in latest version of ChanCMS. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code.
Fuente⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61
Usuario
 ZAST.AI (UID 87884)
Sumisión2025-07-25 03:20 (hace 8 meses)
Moderación2025-07-27 11:45 (2 days later)
EstadoAceptado
Entrada de VulDB317857 [yanyutao0402 ChanCMS hasta 3.1.2 collect.js getArticle targetUrl escalada de privilegios]
Puntos18

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!