
4 matches found

RedhatCVE
added 2025/09/12 8:47 p.m., 5 views

CVE-2025-10211

A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...

CVSS 6.5 | AI score 6.6 | EPSS 0.05966
Exploits: 0 | References: 1
Code423n4
added 2022/02/16 12:0 a.m., 7 views

User can refer themselves

Lines of code. Vulnerability details. Impact: User can refer themselves when collecting in any CollectModule that collects a fee. This will lead to value leak as user can always refer themselves to receive a referral fee as discount. Proof of Concept. Recommended Mitigation Steps: Check if referrer ==...

AI score 6.8
Exploits: 0
Code423n4
added 2022/02/14 12:0 a.m., 12 views

Fee amount too restrictive

Lines of code. Vulnerability details. Impact: In the fee collect modules like FeeCollectModule, the initializePublicationCollectModule checks if the fee amount that each user needs to pay is at least = BPSMAX = 10000. For certain currencies with fewer decimals this is too restrictive. As an example,...

AI score 6.8
Exploits: 0
Code423n4
added 2022/02/14 12:0 a.m., 8 views

Cashback on referral

Lines of code. Vulnerability details. Impact: In the fee collect modules like FeeCollectModule there is no prevention of someone submitting a second profile they own as the referrerProfileId in processCollect to receive back part of the fees paid. The referral system is essentially broken as all...

AI score 6.7
Exploits: 0