CNNVD-202510-2434 Information
CNNVD ID
CNNVD-202510-2434
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
ChanCMS是中国yanyutao0402个人开发者的一个内容管理系统。 ChanCMS 3.3.2及之前版本存在SQL注入漏洞,该漏洞源于对文件/cms/article/findField中函数findField的参数cid的错误操作,可能导致SQL注入攻击。
Description (English)
ChanCMS is a content management system for the yanyutao0402 individual developers in China. ChanCMS 3.3.2 and previous versions contain an injection loophole in SQL, which arises out of an error in the cid of the Findfield function file/cms/article/findfield, which could lead to an attack on SQL injection.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
个人开发者
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsarticlefindfield https://vuldb.com/?id.328912 https://vuldb.com/?submit.670262 https://vuldb.com/?ctiid.328912 https://access.redhat.com/security/cve/cve-2025-11902
Patch
https://gitee.com/chancms/ChanCMS/releases
Share on: