CVE-2025-11904 | yanyutao0402 ChanCMS up to 3.3.2 /cms/model/hasUse ID sql injection

Inserito da Angelo Barbosa | Ott 17, 2025 | CVE

A vulnerability marked as critical has been reported in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection.

This vulnerability is listed as CVE-2025-11904. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11904 | yanyutao0402 ChanCMS up to 3.3.2 /cms/model/hasUse ID sql injection

Post correlati

CVE-2023-49839 | KlbTheme Cosmetsy Theme on WordPress cross site scripting

CVE-2023-48324 | Awesome Support Plugin up to 6.1.4 on WordPress wpas_edit_reply_ajax authorization

CVE-2024-20440 | Cisco Smart License Utility 2.0.0/2.1.0/2.2.0 HTTP Request log file (cisco-sa-cslu-7gHMzWmw)

CVE-2024-5034 | SULly Plugin up to 4.3.0 on WordPress cross-site request forgery