CVE-2025-11904 | yanyutao0402 ChanCMS up to 3.3.2 /cms/model/hasUse ID sql injection

A vulnerability marked as critical has been reported in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection.

This vulnerability is listed as CVE-2025-11904. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More