VYPR

Vendor: Chancms

Products: 1
CVEs: 16
Across products: 16
Status: Private

Recent CVEs (16)
  • CVE-2025-11905 | Med | Oct 17, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public…

  • CVE-2025-11904 | Med | Oct 17, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and…

  • CVE-2025-11903 | Med | Oct 17, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published…

  • CVE-2025-11902 | Med | Oct 17, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The…

  • CVE-2025-10211 | Med | Sep 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated…

  • CVE-2025-10210 | Med | Sep 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made…

  • CVE-2025-10110 | Med | Sep 8, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and…

  • CVE-2025-10106 | Med | Sep 8, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public…

  • CVE-2025-10105 | Med | Sep 8, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated remotely. The exploit has been published…

  • CVE-2025-8266 | Med | Jul 28, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The…

  • CVE-2025-8228 | Med | Jul 27, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be…

  • CVE-2025-8227 | Med | Jul 27, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be…

  • CVE-2025-8133 | Med | Jul 25, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to…

  • CVE-2025-8132 | Med | Jul 25, 2025
    risk 0.35 | cvss 5.4 | epss 0.01

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been…

  • CVE-2025-8226 | Med | Jul 27, 2025
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the…

  • CVE-2025-65602 | Dec 10, 2025
    risk 0.00 | cvss | epss 0.00

    A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.