| Title | yanyutao0402 ChanCMS V3.3.0 Unauthorized SSRF |
|---|
| Description | The getPages and getArticle methods in CollectController both get the URL from the request body and call collect.common to get the contents of the URL. In the getPages method, the targetUrl parameter has been verified by the isValidTargetUrl function. However, in the getArticle method, the taskUrl parameter is not validated by isValidTargetUrl before being passed to collect.common. |
|---|
| Source | ⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md |
|---|
| User | Yu_Bao (UID 89348) |
|---|
| Submission | 08/22/2025 12:19 (10 months ago) |
|---|
| Moderation | 09/10/2025 12:24 (19 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 323484 [yanyutao0402 ChanCMS 3.3.0 /cms/collect/getArticle CollectController taskUrl server-side request forgery] |
|---|
| Points | 20 |
|---|