Name of the Vulnerable Software and Affected Versions:

yanyutao0402 ChanCMS versions through 3.3.1

Description:

A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the `keyword` argument in the `/cms/article/search` file. This issue can be exploited remotely.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.