CVE-2025-8133 | yanyutao0402 ChanCMS up to 3.1.2 gather.js getArticle targetUrl server-side request forgery (ICLP1K)

Inserito da Angelo Barbosa | Lug 24, 2025 | CVE

A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2025-8133. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-8133 | yanyutao0402 ChanCMS up to 3.1.2 gather.js getArticle targetUrl server-side request forgery (ICLP1K)

Post correlati

CVE-2024-27336 | Kofax Power PDF PNG File Parser out-of-bounds

CVE-2023-40155 | Intel CST prior 2.1.10300 uncontrolled search path (intel-sa-01021)

CVE-2024-49695 | Spiffy Plugins WP Flow Plus Plugin up to 5.2.3 on WordPress cross site scripting

CVE-2024-3312 | Easy Custom Auto Excerpt Plugin up to 2.4.12 on WordPress information disclosure