Lucene search
K

126 matches found

CNNVD
CNNVD
added 2025/09/10 12:0 a.m.8 views

ChanCMS SQL注入漏洞

ChanCMS is a content management system. ChanCMS 3.3.0 and earlier versions suffer from a SQL injection vulnerability, which originates from the lack of validation of the Search parameter key in the app/modules/api/service/Api.js function against external input SQL statements. An attacker can...

8.8CVSS8AI score0.01195EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.11 views

PT-2025-37091

Name of the Vulnerable Software and Affected Versions: ChanCMS versions up to 3.3.0 Description: A SQL injection weakness exists in the Search function within the app/modules/api/service/Api.js file. Manipulation of the key argument can lead to SQL injection. The exploit has been publicly release...

8.8CVSS6.3AI score0.01195EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.7 views

PT-2025-37096

Name of the Vulnerable Software and Affected Versions: ChanCMS version 3.3.0 Description: A security issue has been identified in ChanCMS. The CollectController function within the /cms/collect/getArticle file is susceptible to server-side request forgery SSRF through manipulation of the taskUrl...

6.5CVSS6.3AI score0.00649EPSS
Exploits0References8
NVD
NVD
added 2025/09/08 11:15 p.m.11 views

CVE-2025-10110

A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

8.8CVSS0.00306EPSS
Exploits1References4
OSV
OSV
added 2025/09/08 11:15 p.m.5 views

CVE-2025-10110

A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

8.8CVSS5.6AI score0.00306EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/08 10:32 p.m.4 views

CVE-2025-10110 ChanCMS search sql injection

A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

6.5CVSS6.8AI score0.00306EPSS
Exploits1References4
CVE
CVE
added 2025/09/08 10:32 p.m.14 views

CVE-2025-10110

ChanCMS

8.8CVSS6.8AI score0.00306EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/09/08 10:15 p.m.1 views

CVE-2025-10106

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS5.7AI score0.00351EPSS
Exploits1References4
NVD
NVD
added 2025/09/08 10:15 p.m.4 views

CVE-2025-10106

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS0.00351EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/08 9:32 p.m.3 views

CVE-2025-10106 yanyutao0402 ChanCMS search sql injection

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

6.5CVSS7AI score0.00351EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/08 9:32 p.m.10 views

CVE-2025-10106 yanyutao0402 ChanCMS search sql injection

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

6.5CVSS0.00351EPSS
Exploits1References4
OSV
OSV
added 2025/09/08 9:15 p.m.5 views

CVE-2025-10105

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

8.8CVSS5.7AI score0.00308EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/08 8:32 p.m.10 views

CVE-2025-10105 yanyutao0402 ChanCMS search sql injection

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5CVSS0.00308EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/08 8:32 p.m.3 views

CVE-2025-10105 yanyutao0402 ChanCMS search sql injection

A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5CVSS6.7AI score0.00308EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.6 views

PT-2025-36512

Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions up to 3.3.1 Description: A SQL injection issue exists in an unknown part of the file /cms/collect/search in yanyutao0402 ChanCMS. Manipulation of the keyword argument may allow for remote exploitation. The exploi...

8.8CVSS6.5AI score0.00351EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.4 views

ChanCMS SQL注入漏洞

ChanCMS is a content management system developed by yanyutao0402 individual developer in China. SQL injection vulnerability exists in ChanCMS 3.3.1 and previous versions, the vulnerability stems from the incorrect operation of the parameter keyword which leads to SQL injection...

8.8CVSS7AI score0.00351EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.6 views

PT-2025-36505

Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.3.1 Description: A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the keyword argument in the /cms/article/search file. This issue can be exploited remotely. Recommendations: A...

8.8CVSS6.4AI score0.00308EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.6 views

PT-2025-36520

Name of the Vulnerable Software and Affected Versions: ChanCMS versions prior to 3.3.2 Description: A SQL injection issue exists in ChanCMS. The vulnerability is located in the /search/ endpoint and can be triggered by manipulating the input with %20or%201=1%20%23/words.html. Remote exploitation ...

8.8CVSS6.7AI score0.00306EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.5 views

ChanCMS SQL注入漏洞

ChanCMS is a content management system developed by yanyutao0402 individual developer in China. SQL injection vulnerability exists in ChanCMS 3.3.1 and previous versions, the vulnerability stems from the incorrect operation of the parameter keyword which leads to SQL injection...

8.8CVSS7AI score0.00308EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/07/30 8:32 a.m.12 views

CVE-2025-8266

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launch...

6.5CVSS7.2AI score0.00971EPSS
Exploits1References1
Rows per page
Query Builder