Invia #671338: yanyutao0402 ChanCMS <=v3.3.2 Code Injectioninformazioni

Titoloyanyutao0402 ChanCMS <=v3.3.2 Code Injection
DescrizioneThe `getArticle` function in `app\modules\cms\controller\gather.js` does not perform any validation or protection on the input parameters, which can lead to code injection and subsequently result in remote command execution after login.
Fonte⚠️ https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#555
Utente
 Narcher (UID 91355)
Sottomissione08/10/2025 09:40 (9 mesi fa)
Moderazione17/10/2025 09:22 (9 days later)
StatoAccettato
Voce VulDB328915 [yanyutao0402 ChanCMS fino a 3.3.2 gather.js getArticle escalationi di privilegi]
Punti17

PrecedenteVisione D'ensembleIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!