ChanCMS search sql injection

A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

ChanCMS SQL注入漏洞

ChanCMS是中国yanyutao0402个人开发者的一个内容管理系统。 ChanCMS 3.3.1及之前版本存在SQL注入漏洞，该漏洞源于对输入的错误操作导致SQL注入。

N/A

N/A