Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-8266 PoC — ChanCMS 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-8266.yaml
Associated Vulnerability
Title:ChanCMS 代码问题漏洞 (CVE-2025-8266)
Description:ChanCMS是中国yanyutao0402个人开发者的一个内容管理系统。 ChanCMS 3.1.2及之前版本存在代码问题漏洞,该漏洞源于文件app/modules/cms/controller/collect.js中函数getArticle对参数targetUrl的操作导致反序列化。
Description
yanyutao0402 ChanCMS <= 3.1.2 contains an insecure deserialization caused by manipulation of the \"targetUrl\" argument in getArticle function of app/modules/cms/controller/collect.js, letting remote attackers execute arbitrary code, exploit requires crafted input.
File Snapshot

 id: CVE-2025-8266

info:
  name: ChanCMS <= 3.1. - Remote Code Execution
  author: Ark
  severity: c

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.