CVE-2025-11904

6.3 MEDIUM

📋 TL;DR

This SQL injection vulnerability in ChanCMS allows attackers to manipulate database queries through the hasUse function. It affects ChanCMS versions up to 3.3.2 and can be exploited remotely without authentication. Organizations using vulnerable versions are at risk of data theft, modification, or system compromise.

💻 Affected Systems

Products:
  • ChanCMS
Versions: Up to and including 3.3.2
Operating Systems: All platforms running ChanCMS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable file /cms/model/hasUse are affected. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, or full system takeover via SQL injection to execute arbitrary commands.

🟠 Likely Case

Unauthorized data access, extraction of sensitive information, or database manipulation affecting application integrity.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permissions restricting damage to non-critical data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub repositories. Remote exploitation is possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available, and the vendor did not respond to disclosure. Consider upgrading if newer versions exist, or apply manual fixes.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Implement strict input validation and parameterized queries for the hasUse function to prevent SQL injection.

Modify /cms/model/hasUse to use prepared statements with parameter binding

Web Application Firewall

Platform: all

Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint.

Configure WAF to block SQL injection patterns for /cms/model/hasUse

🧯 If You Can't Patch

  • Isolate the ChanCMS instance behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Check whether the ChanCMS version is 3.3.2 or earlier and whether the /cms/model/hasUse file exists with vulnerable code patterns.

Check Version:

Check ChanCMS configuration files or admin panel for version information

Verify Fix Applied:

Test the hasUse function with SQL injection payloads to confirm they are properly rejected or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries from web application logs
  • SQL error messages in application logs
  • Multiple failed login attempts or parameter manipulation

Network Indicators:

  • Unusual SQL patterns in HTTP requests to /cms/model/hasUse
  • Excessive database connections from web server

SIEM Query:

source="web_logs" AND (uri="/cms/model/hasUse" AND (payload CONTAINS "UNION" OR payload CONTAINS "SELECT" OR payload CONTAINS "INSERT"))
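
Added example (not part of the original advisory and not ChanCMS code): the SIEM query above matches keywords literally, so this Python script applies the same check to web access logs after percent-decoding, with case-insensitive matching. It assumes Common Log Format with the payload in the query string; the log lines and the parameter name `id` are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote_plus

TARGET_PATH = "/cms/model/hasUse"  # endpoint named on this page
# Keywords from the SIEM query above, matched as whole words, any letter case.
SQL_KEYWORDS = re.compile(r"\b(union|select|insert)\b", re.IGNORECASE)
# Common Log Format request field: "METHOD target HTTP/x.y" (assumed log format)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client_ip, decoded_query) for TARGET_PATH hits with SQL keywords."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line we can parse
        parts = urlsplit(m.group("target"))
        if decode_fully(parts.path).rstrip("/") != TARGET_PATH:
            continue  # other endpoints are out of scope for this rule
        query = decode_fully(parts.query)
        if SQL_KEYWORDS.search(query):
            hits.append((line.split()[0], query))
    return hits


# Constructed sample access-log lines; "id" is a placeholder parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /cms/model/hasUse?id=12 HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /cms/model/hasUse?id=1%20UnIoN%20SeLeCt%201 HTTP/1.1" 500 312',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /cms/model/hasUse?id=1%2520union%2520select%25201 HTTP/1.1" 500 312',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /news?q=select+committee HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, query in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{query}")
```

Request bodies are not recorded in standard access logs, so POST traffic to the endpoint needs a WAF or application-level log source for the same check.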
