Submeter #622169: yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Executioninformação

Títuloyanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution
DescriçãoThe RCE vulnerability was discovered on /collect/getArticle in latest version of ChanCMS. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code.
Fonte⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81
Utilizador
 ZAST.AI (UID 87884)
Submissão25/07/2025 03h19 (há 9 meses)
Moderação26/07/2025 15h05 (1 day later)
EstadoAceite
Entrada VulDB317815 [yanyutao0402 ChanCMS até 3.1.2 /collect/getArticle taskUrl Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!