CNNVD-202509-1485 Information
CNNVD ID
CNNVD-202509-1485
Related CVE
- CNNVD Published: 2025-09-10
Description (Chinese)
ChanCMS是中国yanyutao0402个人开发者的一个内容管理系统。 ChanCMS 3.3.0版本存在代码问题漏洞,该漏洞源于文件/cms/collect/getArticle中函数CollectController对参数taskUrl的错误操作导致服务端请求伪造。
Description (English)
ChanCMS is a content management system for the yanyutao0402 individual developers in China. ChhanCMS version 3.3.0 has a code problem loophole, which arises from the error of the CollactController function in file/cms/collect/getArticle with respect to parameter TaskUrl, which resulted in the service request for forgery.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
个人开发者
Published
2025-09-10
Last Modified
2026-02-24
References
https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md#poc https://vuldb.com/?ctiid.323484 https://vuldb.com/?id.323484 https://vuldb.com/?submit.639779
Patch
https://gitee.com/chancms/ChanCMS
Share on: