CVE-2025-10211 | yanyutao0402 ChanCMS 3.3.0 /cms/collect/getArticle CollectController taskUrl server-side request forgery

A vulnerability classified as critical has been found in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery.

This vulnerability is listed as CVE-2025-10211. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More