| Title | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 SSRF |
|---|
| Description | SSRF vulnerability on /cms/gather/getArticle
In the network access functionality, the target URL is user-controllable and lacks sufficient security handling, thus allowing attackers to exploit SSRF vulnerabilities to access internal hosts and services. |
|---|
| Source | ⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP1K |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 07/21/2025 14:22 (11 months ago) |
|---|
| Moderation | 07/24/2025 17:44 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 317529 [yanyutao0402 ChanCMS up to 3.1.2 gather.js getArticle targetUrl server-side request forgery] |
|---|
| Points | 17 |
|---|