| 제목 | yanyutao0402 ChanCMS <=3.3.2 SQL Injection |
|---|
| 설명 | A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. It has been rated as critical. After downloading the source code and deploying it directly, an attacker can log in to the backend at `/public/admin/index.html` using the weak default credentials `chancms/123456`.
Code auditing revealed that the `update` function in `/cms/article/update` does not validate the `cid` parameter.
By manipulating the `cid` argument, an attacker can perform SQL injection.
This vulnerability can be exploited remotely. It is recommended to fix the parameter validation issue or upgrade to a secure version.
|
|---|
| 원천 | ⚠️ https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#111 |
|---|
| 사용자 | Narcher (UID 91355) |
|---|
| 제출 | 2025. 10. 07. AM 09:05 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 17. AM 09:22 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 328913 [yanyutao0402 ChanCMS 까지 3.3.2 /cms/article/update cid SQL 주입] |
|---|
| 포인트들 | 20 |
|---|