126 matches found
ChanCMS SQL注入漏洞
ChanCMS is a content management system. ChanCMS 3.3.0 and earlier versions suffer from a SQL injection vulnerability, which originates from the lack of validation of the Search parameter key in the app/modules/api/service/Api.js function against external input SQL statements. An attacker can...
PT-2025-37091
Name of the Vulnerable Software and Affected Versions: ChanCMS versions up to 3.3.0 Description: A SQL injection weakness exists in the Search function within the app/modules/api/service/Api.js file. Manipulation of the key argument can lead to SQL injection. The exploit has been publicly release...
PT-2025-37096
Name of the Vulnerable Software and Affected Versions: ChanCMS version 3.3.0 Description: A security issue has been identified in ChanCMS. The CollectController function within the /cms/collect/getArticle file is susceptible to server-side request forgery SSRF through manipulation of the taskUrl...
CVE-2025-10110
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
CVE-2025-10110
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
CVE-2025-10110 ChanCMS search sql injection
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
CVE-2025-10110
ChanCMS
CVE-2025-10106
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-10106
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-10106 yanyutao0402 ChanCMS search sql injection
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-10106 yanyutao0402 ChanCMS search sql injection
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-10105
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2025-10105 yanyutao0402 ChanCMS search sql injection
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2025-10105 yanyutao0402 ChanCMS search sql injection
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
PT-2025-36512
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions up to 3.3.1 Description: A SQL injection issue exists in an unknown part of the file /cms/collect/search in yanyutao0402 ChanCMS. Manipulation of the keyword argument may allow for remote exploitation. The exploi...
ChanCMS SQL注入漏洞
ChanCMS is a content management system developed by yanyutao0402 individual developer in China. SQL injection vulnerability exists in ChanCMS 3.3.1 and previous versions, the vulnerability stems from the incorrect operation of the parameter keyword which leads to SQL injection...
PT-2025-36505
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.3.1 Description: A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the keyword argument in the /cms/article/search file. This issue can be exploited remotely. Recommendations: A...
PT-2025-36520
Name of the Vulnerable Software and Affected Versions: ChanCMS versions prior to 3.3.2 Description: A SQL injection issue exists in ChanCMS. The vulnerability is located in the /search/ endpoint and can be triggered by manipulating the input with %20or%201=1%20%23/words.html. Remote exploitation ...
ChanCMS SQL注入漏洞
ChanCMS is a content management system developed by yanyutao0402 individual developer in China. SQL injection vulnerability exists in ChanCMS 3.3.1 and previous versions, the vulnerability stems from the incorrect operation of the parameter keyword which leads to SQL injection...
CVE-2025-8266
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launch...