2 matches found
CVE-2025-8133 yanyutao0402 ChanCMS gather.js getArticle server-side request forgery
A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack...
CVE-2025-8133
ChanCMS up to version 3.1.2 is vulnerable to server-side request forgery in the getArticle function (app/modules/api/service/gather.js) via manipulation of the targetUrl parameter. Remote exploitation is possible and has been disclosed publicly. Upgrading to version 3.1.3 addresses the issue (pat...