yanyutao0402 ChanCMS getArticle CollectController server-side request forgery_CVE-2025-10211

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10211

Source VulDB

Published Sep 10, 2025 at 20:02

Modified Sep 10, 2025 at 20:14

Affected Product

Vendor yanyutao0402

Product ChanCMS

Version 3.3.0

Affected Versions yanyutao0402 ChanCMS 3.3.0

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-10T20:02:05.846Z",
    "modified": "2025-09-10T20:14:34.320Z",
    "type": "cve",
    "title": "yanyutao0402 ChanCMS getArticle CollectController server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323484\nhttps://vuldb.com/?ctiid.323484\nhttps://vuldb.com/?submit.639779\nhttps://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md\nhttps://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e7.md#poc",
    "id": "CVE-2025-10211",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "yanyutao0402 ChanCMS 3.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ChanCMS",
    "version": "3.3.0",
    "vendor": "yanyutao0402",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}