CVE-2025-11902 | yanyutao0402 ChanCMS up to 3.3.2 /cms/article/findField cid sql injection

A vulnerability identified as critical has been detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid results in sql injection.

This vulnerability is identified as CVE-2025-11902. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More