{"id":8935,"date":"2025-07-25T00:33:12","date_gmt":"2025-07-25T00:33:12","guid":{"rendered":"http:\/\/localhost\/?p=8935"},"modified":"2025-07-25T00:33:12","modified_gmt":"2025-07-25T00:33:12","slug":"yanyutao0402-chancms-utilsjs-delfile-path-traversal","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8935","title":{"rendered":"yanyutao0402 ChanCMS utils.js delfile path traversal"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nyanyutao0402 ChanCMS utils.js delfile path traversal<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-25T05:02:25.251Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-25T05:02:25.251Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nyanyutao0402<\/td>\n<\/tr>\n
Product<\/th>\nChanCMS<\/td>\n<\/tr>\n
Version<\/th>\n3.1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:N\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA path traversal vulnerability exists in ChanCMS versions up to 3.1.2, allowing remote attackers to potentially access or modify files outside intended directories. This issue is considered critical and can be exploited without authentication. Users are advised to upgrade to version 3.1.3 to mitigate the risk.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nyanyutao0402<\/td>\n<\/tr>\n
AI Product<\/th>\nChanCMS<\/td>\n<\/tr>\n
AI Version<\/th>\n3.1.0, 3.1.1, 3.1.2<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n