| 标题 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution |
|---|
| 描述 | The RCE vulnerability was discovered on /cms/gather/getArticle in latest version of ChanCMS. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code. |
|---|
| 来源 | ⚠️ https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61 |
|---|
| 用户 | ZAST.AI (UID 87884) |
|---|
| 提交 | 2025-07-25 03時20分 (8 月前) |
|---|
| 管理 | 2025-07-27 11時45分 (2 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 317857 [yanyutao0402 ChanCMS 直到 3.1.2 collect.js getArticle targetUrl 权限提升] |
|---|
| 积分 | 18 |
|---|