Submit #671338: yanyutao0402 ChanCMS <=v3.3.2 Code Injection

Title: yanyutao0402 ChanCMS <=v3.3.2 Code Injection
Description: The `getArticle` function in `app\modules\cms\controller\gather.js` does not perform any validation or protection on the input parameters, which can lead to code injection and subsequently result in remote command execution after login.
Source: https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#555
User: Narcher (UID 91355)
Submission: 10/08/2025 09:40 (9 months ago)
Moderation: 10/17/2025 09:22 (9 days later)
Status: Accepted
VulDB entry: 328915 [yanyutao0402 ChanCMS up to 3.3.2 gather.js getArticle code injection]
Points: 17
