Invia #670271: yanyutao0402 ChanCMS <=3.3.2 SQL Injectioninformazioni

Titoloyanyutao0402 ChanCMS <=3.3.2 SQL Injection
DescrizioneA vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. It has been rated as critical. After downloading the source code and deploying it directly, an attacker can log in to the backend at `/public/admin/index.html` using the weak default credentials `chancms/123456`. Code auditing revealed that the `update` function in `/cms/article/update` does not validate the `cid` parameter. By manipulating the `cid` argument, an attacker can perform SQL injection. This vulnerability can be exploited remotely. It is recommended to fix the parameter validation issue or upgrade to a secure version.
Fonte⚠️ https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#111
Utente
 Narcher (UID 91355)
Sottomissione07/10/2025 09:05 (9 mesi fa)
Moderazione17/10/2025 09:22 (10 days later)
StatoAccettato
Voce VulDB328913 [yanyutao0402 ChanCMS fino a 3.3.2 /cms/article/update cid iniezione SQL]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!