Filtered by vendor Yanyutao0402
Subscriptions
Filtered by product Chancms
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10210 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-09-15 | 6.3 Medium |
| A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10211 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-09-15 | 6.3 Medium |
| A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10106 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-09-10 | 6.3 Medium |
| A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-10105 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-09-10 | 6.3 Medium |
| A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2025-8132 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-08-27 | 5.4 Medium |
| A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The name of the patch is c8a282bf02a62b59ec60b4699e91c51aff2ee9cd. It is recommended to upgrade the affected component. | ||||
| CVE-2025-8133 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-08-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The identifier of the patch is 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6. It is recommended to upgrade the affected component. | ||||
| CVE-2025-8266 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-08-27 | 6.3 Medium |
| A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-8226 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-08-26 | 4.3 Medium |
| A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-8227 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-08-26 | 6.3 Medium |
| A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component. | ||||
| CVE-2025-8228 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-08-26 | 6.3 Medium |
| A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component. | ||||
Page 1 of 1.