📦 Chancms

An unauthenticated remote code execution vulnerability in ChanCMS v3.3.4 allows attackers to execute arbitrary code via template injection in the /vip/v1/file/save endpoint. This affects all deploymen...

This vulnerability allows remote attackers to execute arbitrary code through code injection in the getArticle function of ChanCMS. It affects all ChanCMS installations up to version 3.3.2 that have th...

This SQL injection vulnerability in ChanCMS allows attackers to manipulate database queries through the hasUse function. It affects ChanCMS versions up to 3.3.2 and can be exploited remotely without a...

This SQL injection vulnerability in ChanCMS allows remote attackers to execute arbitrary SQL commands by manipulating the 'cid' parameter in the article update function. All ChanCMS installations up t...

This SQL injection vulnerability in ChanCMS allows remote attackers to execute arbitrary SQL commands by manipulating the 'cid' parameter in the findField function. Affected systems are ChanCMS instal...

This is a Server-Side Request Forgery (SSRF) vulnerability in ChanCMS 3.3.0 that allows attackers to manipulate the taskUrl parameter to make the server send unauthorized requests to internal or exter...

This CVE describes a SQL injection vulnerability in ChanCMS up to version 3.3.0, specifically in the Search function's key parameter. Attackers can remotely exploit this to execute arbitrary SQL comma...

This SQL injection vulnerability in ChanCMS allows attackers to execute arbitrary SQL commands through the /cms/article/search endpoint by manipulating the 'keyword' parameter. Attackers can potential...

This critical vulnerability in ChanCMS allows remote attackers to execute arbitrary code through deserialization of untrusted data in the getArticle function. Attackers can exploit this by manipulatin...

This critical vulnerability in ChanCMS allows attackers to perform server-side request forgery (SSRF) by manipulating the targetUrl parameter in the getPages function. Attackers can exploit this remot...

This vulnerability in ChanCMS allows remote attackers to access sensitive information by manipulating accessKey/secretKey parameters in the /sysApp/find endpoint. It affects ChanCMS versions up to 3.1...