CNNVD-202509-1493 Information
Sep 10, 2025
cve
CNNVD ID
CNNVD-202509-1493
Related CVE
- CNNVD Published: 2025-09-10
Description (Chinese)
ChanCMS是中国yanyutao0402个人开发者的一个内容管理系统。 ChanCMS 3.3.0及之前版本存在SQL注入漏洞,该漏洞源于文件app/modules/api/service/Api.js中函数Search对参数key的错误操作导致SQL注入。
Description (English)
ChanCMS is a content management system for the yanyutao0402 individual developers in China. ChanCMS 3.3.0 and previous versions have a SQL injection loophole, which stems from the error of the Saarch function in documentapp/modules/api/service/Api.js to the parameterkey.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
个人开发者
Published
2025-09-10
Last Modified
2026-02-24
References
https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e5.md https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e5.md#poc https://vuldb.com/?ctiid.323483 https://vuldb.com/?id.323483 https://vuldb.com/?submit.639777
Patch
https://gitee.com/chancms/ChanCMS
Share on: