CNNVD-202510-2438 Information
CNNVD ID
CNNVD-202510-2438
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
ChanCMS是中国yanyutao0402个人开发者的一个内容管理系统。 ChanCMS 3.3.2及之前版本存在代码注入漏洞,该漏洞源于文件appmodulescmscontrollergather.js中函数getArticle存在代码注入漏洞,可能导致远程代码执行。
Description (English)
ChanCMS is a content management system for the yanyutao0402 individual developers in China. ChanCMS 3.3.2 and previous versions contain code-injecting loopholes, which stem from the code-injection of the function GetArticle in file appmodulescmscontrollergather.js, which may lead to remote code execution.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
个人开发者
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#555 https://github.com/NarcherAlter/Security_Note/blob/main/Vulnerability_Discovery/ChanCMSv3.3.2.md#cmsgathergetarticle https://vuldb.com/?ctiid.328915 https://vuldb.com/?id.328915 https://vuldb.com/?submit.671338 https://access.redhat.com/security/cve/cve-2025-11905
Patch
https://gitee.com/chancms/ChanCMS/releases
Share on: