Submeter #671338: yanyutao0402 ChanCMS <=v3.3.2 Code Injectioninformação

Títuloyanyutao0402 ChanCMS <=v3.3.2 Code Injection
DescriçãoThe `getArticle` function in `app\modules\cms\controller\gather.js` does not perform any validation or protection on the input parameters, which can lead to code injection and subsequently result in remote command execution after login.
Fonte⚠️ https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#555
Utilizador
 Narcher (UID 91355)
Submissão08/10/2025 09h40 (há 9 meses)
Moderação17/10/2025 09h22 (9 days later)
EstadoAceite
Entrada VulDB328915 [yanyutao0402 ChanCMS até 3.3.2 gather.js getArticle Elevação de Privilégios]
Pontos17

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!