PT-2025-37096 · Chancms · Chancms
Yu_Bao · Published 2025-09-10 · Updated 2025-12-01 · CVE-2025-10211
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
ChanCMS version 3.3.0
Description:
A security issue has been identified in ChanCMS. The CollectController function within the /cms/collect/getArticle file is susceptible to server-side request forgery (SSRF) through manipulation of the taskUrl argument. This allows for remote attacks. The vulnerability has been publicly disclosed.
Recommendations:
As a temporary workaround, consider restricting access to the /cms/collect/getArticle file until a patch is available.
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Chancms