CVE-2025-8266 | yanyutao0402 ChanCMS up to 3.1.2 collect.js getArticle targetUrl deserialization (ICLP61)

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization.

This vulnerability is known as CVE-2025-8266. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More