yanyutao0402 ChanCMS collect.js getArticle deserialization

July 28, 2025 invoker category_cve

CVE Details

Basic Information

Title yanyutao0402 ChanCMS collect.js getArticle deserialization
Type cve
Published 2025-07-28T08:32:15.139Z
Modified 2025-07-28T08:32:15.139Z

Product Information

Vendor yanyutao0402
Product ChanCMS
Version 3.1.0

CVSS Information

Base Score 5.3 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected Products

  • yanyutao0402 ChanCMS 3.1.0
  • yanyutao0402 ChanCMS 3.1.1
  • yanyutao0402 ChanCMS 3.1.2

Additional Information

CWE List CWE-502, CWE-20
Source VulDB

Description

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.