CVE-2025-11905 | yanyutao0402 ChanCMS up to 3.3.2 gather.js getArticle code injection

Inserito da Angelo Barbosa | Ott 17, 2025 | CVE

A vulnerability described as critical has been identified in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file appmodulescmscontrollergather.js. The manipulation results in code injection.

This vulnerability is cataloged as CVE-2025-11905. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11905 | yanyutao0402 ChanCMS up to 3.3.2 gather.js getArticle code injection

Post correlati

CVE-2024-22406 | Shopware up to 6.5.7.3 API sql injection (GHSA-qmp9-2xwj-m6m9)

CVE-2023-50844 | James Ward Mail Logging Plugin up to 2.1.3 on WordPress sql injection

CVE-2024-12419 | tobias_conrad Design for Contact Form 7 Style Plugin up to 1.6.9 on WordPress Shortcode do_shortcode code injection

CVE-2024-47071 | FreePBX OSS Endpoint Manager up to 14.0.3 Module path traversal