| Title | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution |
|---|
| Description | The RCE vulnerability was discovered on /collect/getArticle in latest version of ChanCMS. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code. |
|---|
| Source | ⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP81 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 07/25/2025 03:19 (9 months ago) |
|---|
| Moderation | 07/26/2025 15:05 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 317815 [yanyutao0402 ChanCMS up to 3.1.2 /collect/getArticle taskUrl deserialization] |
|---|
| Points | 18 |
|---|