Submeter #622170: yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Executioninformação

Títuloyanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution
DescriçãoThe RCE vulnerability was discovered on /cms/gather/getArticle in latest version of ChanCMS. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code.
Fonte⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61
Utilizador
 ZAST.AI (UID 87884)
Submissão25/07/2025 03h20 (há 8 meses)
Moderação27/07/2025 11h45 (2 days later)
EstadoAceite
Entrada VulDB317857 [yanyutao0402 ChanCMS até 3.1.2 collect.js getArticle targetUrl Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!