CVE-2025-11902

6.3 MEDIUM

📋 TL;DR

This SQL injection vulnerability in ChanCMS allows remote attackers to execute arbitrary SQL commands by manipulating the 'cid' parameter in the findField function. Affected systems are ChanCMS installations up to version 3.3.2 that have the vulnerable endpoint exposed. The vulnerability can lead to data theft, modification, or complete system compromise.

💻 Affected Systems

Products:
  • yanyutao0402 ChanCMS
Versions: up to 3.3.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable endpoint accessible are affected. The vulnerability is in the core CMS functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data exfiltration, data manipulation, privilege escalation, and potential remote code execution via database functions.

🟠 Likely Case

Unauthorized data access and extraction from the ChanCMS database, potentially exposing sensitive content, user information, or administrative credentials.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially resulting in error messages but no data compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub repositories. The vulnerability requires no authentication and can be exploited remotely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available as vendor did not respond. Consider upgrading to any version above 3.3.2 if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Implement strict input validation for the 'cid' parameter so that it only accepts the expected data type and range.

Modify /cms/article/findField to validate the cid parameter using is_numeric() or a similar strict check before it reaches the database query.

Web Application Firewall Rule

Applies to: all

Block SQL injection attempts targeting the vulnerable endpoint

WAF rule: Block requests to /cms/article/findField containing SQL keywords in parameters
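As an added example (not code from ChanCMS or from this advisory), the two workarounds above combined in one Node.js handler: the cid value is accepted only if it is a plain positive integer, the column name comes from a fixed allowlist, and the query is sent with a bound parameter instead of being built by string concatenation. The stack, the `article` table, the column names and the Express-style `req`/`res` shape are assumptions; the page does not describe ChanCMS internals.

```javascript
// Added example, not ChanCMS project code: strict validation of the `cid`
// parameter for a findField-style handler, plus a parameterized query.
// Assumes a Node.js handler in front of a MySQL-style driver that accepts `?`
// placeholders (for example mysql2); the driver call itself is left to the
// caller so that this file runs without a database.

const CID_PATTERN = /^[1-9][0-9]{0,9}$/;   // positive integer, no leading zero, max 10 digits
const MAX_CID = 2147483647;                // upper bound of a signed 32-bit INT column (assumed)

// Column names cannot be bound as query parameters, so the field that
// findField may return has to come from a fixed allowlist, never from the request.
const ALLOWED_FIELDS = new Set(['id', 'cid', 'title', 'author', 'updated_at']);

// Returns cid as a Number, or null when the input is not a bare positive integer.
// Quotes, spaces, operators, comment markers and leading zeros all fail the pattern.
function validateCid(raw) {
  if (typeof raw !== 'string') return null;
  if (!CID_PATTERN.test(raw)) return null;
  const n = Number(raw);
  return n <= MAX_CID ? n : null;
}

// Vulnerable shape: the raw request value is spliced into the SQL text.
// Kept only to show what the hardened version replaces; never use it.
function buildVulnerableQuery(field, rawCid) {
  return { sql: `SELECT ${field} FROM article WHERE cid = ${rawCid}`, params: [] };
}

// Hardened shape: cid is validated and bound as a parameter; field is allowlisted.
function buildFindFieldQuery(field, rawCid) {
  if (!ALLOWED_FIELDS.has(field)) {
    throw new Error('field not allowed');
  }
  const cid = validateCid(rawCid);
  if (cid === null) {
    throw new Error('invalid cid');
  }
  return { sql: `SELECT \`${field}\` FROM article WHERE cid = ?`, params: [cid] };
}

// Express-style handler: reject bad input with 400 before any database call.
function findFieldHandler(req, res) {
  let query;
  try {
    query = buildFindFieldQuery(String(req.query.field ?? 'title'), String(req.query.cid ?? ''));
  } catch (err) {
    res.status(400).json({ error: err.message });
    return;
  }
  // db.execute(query.sql, query.params) would run here (assumed driver call).
  res.status(200).json({ sql: query.sql, params: query.params });
}

// Quick self-check when run directly.
console.log(validateCid('42'), validateCid("42' OR 1=1--"));
console.log(buildFindFieldQuery('title', '42'));
```

The positive allowlist on the parameter is the reliable control; the keyword-blocking WAF rule above is a stopgap, since SQL keywords also occur in legitimate article text (false positives) and keyword matching is easy to miss on variant spellings, so it belongs in front of the validation rather than in place of it.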

🧯 If You Can't Patch

  • Restrict access to /cms/article/findField endpoint using network ACLs or authentication
  • Implement database-level protections: use least privilege database accounts, enable query logging

🔍 How to Verify

Check if Vulnerable:

Check whether the ChanCMS version is 3.3.2 or earlier and whether the /cms/article/findField endpoint is accessible.

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Test the vulnerable endpoint with SQL injection payloads to confirm they are blocked or properly handled

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests to /cms/article/findField with suspicious parameters
  • Database error messages containing SQL syntax

Network Indicators:

  • HTTP requests to /cms/article/findField containing SQL keywords like UNION, SELECT, INSERT

SIEM Query:

source="web_logs" AND uri="/cms/article/findField" AND (param="cid" AND value CONTAINS "' OR ")
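As an added example (not part of this advisory and not a ChanCMS component), the log and network indicators above turned into a small detector that runs over a few constructed access-log lines. It goes beyond the SIEM query in one way: instead of matching the literal `' OR ` string, it URL-decodes the `cid` value and flags anything that is not a bare positive integer, which also catches encoded payloads and keyword variants the literal match would miss. The log layout, IPs and timestamps are constructed; the page does not specify ChanCMS's log format.

```javascript
// Added example, not ChanCMS code: flag requests to /cms/article/findField whose
// `cid` value is not a plain positive integer, and count hits per source address.
// Sample lines below are constructed in a combined-log-like layout.

const LOG_LINES = [
  '203.0.113.10 - - [12/Oct/2025:10:01:02 +0000] "GET /cms/article/findField?cid=12&field=title HTTP/1.1" 200 512',
  '203.0.113.10 - - [12/Oct/2025:10:01:05 +0000] "GET /cms/article/findField?cid=12%27%20OR%201%3D1--&field=title HTTP/1.1" 500 98',
  '203.0.113.10 - - [12/Oct/2025:10:01:09 +0000] "GET /cms/article/findField?cid=12%27%22&field=title HTTP/1.1" 500 98',
  '198.51.100.7 - - [12/Oct/2025:10:02:11 +0000] "GET /cms/article/findField?cid=1%20UNION%20SELECT%201&field=title HTTP/1.1" 200 2048',
  '198.51.100.7 - - [12/Oct/2025:10:02:40 +0000] "GET /cms/article/list?page=2 HTTP/1.1" 200 7731',
  '192.0.2.55 - - [12/Oct/2025:10:03:00 +0000] "POST /cms/article/findField?cid=abc HTTP/1.1" 400 30',
];

const REQUEST_RE = /"(?<method>[A-Z]+) (?<target>\S+) HTTP\/[\d.]+" (?<status>\d{3})/;
const SAFE_CID = /^[1-9][0-9]{0,9}$/;          // same positive model a validating fix would use
const TARGET_PATH = '/cms/article/findField';

// Parse one access-log line into {ip, method, path, params, status}; null if unparseable.
function parseLine(line) {
  const m = REQUEST_RE.exec(line);
  if (!m) return null;
  const ip = line.split(' ')[0];
  let url;
  try {
    url = new URL(m.groups.target, 'http://localhost'); // base is a dummy; only path/query matter
  } catch {
    return null;
  }
  return {
    ip,
    method: m.groups.method,
    path: url.pathname,
    params: url.searchParams,          // URLSearchParams decodes %xx sequences for us
    status: Number(m.groups.status),
  };
}

// Returns findings [{ip, cid, status, reason}] for every request to the endpoint
// whose decoded cid is not a bare positive integer. Requests without cid are ignored.
function detectSuspiciousCid(lines) {
  const findings = [];
  for (const line of lines) {
    const req = parseLine(line);
    if (!req || req.path !== TARGET_PATH) continue;
    const cid = req.params.get('cid');
    if (cid === null) continue;
    if (!SAFE_CID.test(cid)) {
      findings.push({ ip: req.ip, cid, status: req.status, reason: 'non-numeric cid' });
    }
  }
  return findings;
}

// Secondary indicator from the advisory: repeated suspicious requests from one source.
function countPerSource(findings) {
  const counts = {};
  for (const f of findings) {
    counts[f.ip] = (counts[f.ip] || 0) + 1;
  }
  return counts;
}

// Run over the constructed sample when executed directly.
const found = detectSuspiciousCid(LOG_LINES);
console.log(found);
console.log(countPerSource(found));
```

The 500 status on two of the flagged lines matches the "database error messages containing SQL syntax" indicator: pairing a non-numeric cid with a server error is a stronger signal than either alone. If the SIEM query above is used as written, make sure the platform decodes the URI before matching, otherwise a percent-encoded quote never matches the literal `' OR `.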
