ChanCMS /cms/model/hasUse File SQL Injection Vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter ID in the file /cms/model/hasUse for externally entered SQL statements. An attacker can exploit this vulnerability to...

CVE-2025-11904

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-11904

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-11904

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-11904 yanyutao0402 ChanCMS hasUse sql injection

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-11904

ChanCMS up to version 3.3.2 contains a SQL injection vulnerability in the file /cms/model/hasUse, caused by unsafely handling the parameter ID. Multiple connected sources (CNVD-2025-24732, RH:CVE-2025-11904, CNNVD-202510-2437, NVD/CVE-2025-11904, etc.) describe that external SQL statements can be...

CVE-2025-11904 yanyutao0402 ChanCMS hasUse sql injection

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

EUVD-2025-34885

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

ChanCMS SQL注入漏洞

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter ID in the file /cms/model/hasUse for externally entered SQL statements. An attacker can exploit this vulnerability to...