yanyutao0402 ChanCMS search sql injection_CVE-2025-10106

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-10106

Source VulDB

Published Sep 8, 2025 at 21:32

Affected Product

Vendor yanyutao0402

Product ChanCMS

Version 3.3.0

Affected Versions yanyutao0402 ChanCMS 3.3.0
yanyutao0402 ChanCMS 3.3.1

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-09-08T21:32:05.519Z",
    "modified": "2025-09-08T21:32:05.519Z",
    "type": "cve",
    "title": "yanyutao0402 ChanCMS search sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323073\nhttps://vuldb.com/?ctiid.323073\nhttps://vuldb.com/?submit.645354\nhttps://github.com/chujianxin0101/vuln/issues/9",
    "id": "CVE-2025-10106",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "yanyutao0402 ChanCMS 3.3.0\nyanyutao0402 ChanCMS 3.3.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ChanCMS",
    "version": "3.3.0",
    "vendor": "yanyutao0402",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}