A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.
An attacker sends a crafted HTTP POST request to the /vip/v1/file/save endpoint, injecting a malicious template (template injection). The server-side template processing mechanism interprets the transmitted data as executable code, leading to the execution of arbitrary commands in the context of the server process. The vulnerability does not require any authentication or user interaction, making it trivial to exploit remotely.
An attacker can gain full control over the system — read, modify or delete data, and completely compromise the server. Lateral movement through the infrastructure or backdoor installation is also possible.
Patches available from the vendor should be applied according to references. Until the fix is deployed, it is recommended to block access to the /vip/v1/file/save endpoint at the firewall or reverse proxy level and restrict application access exclusively to trusted networks.
ChanCMS version 3.3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HChancms
APPChancms3.3.4
Related vulnerabilities
W systemie yanyutao0402 ChanCMS do wersji 3.3.2 odkryto podatność wpływającą na funkcję getArticle w pliku app...
W yanyutao0402 ChanCMS do wersji 3.3.2 odkryto lukę bezpieczeństwa. Problem występuje w funkcji update pliku /...
Wykryta została podatność w yanyutao0402 ChanCMS do wersji 3.3.2. Podatność dotyczy funkcji findField w pliku ...
Odkryto podatność w yanyutao0402 ChanCMS do wersji 3.3.2, która dotyczy funkcji hasUse w pliku /cms/model/hasU...
W oprogramowaniu yanyutao0402 ChanCMS w wersji 3.3.0 wykryto lukę bezpieczeństwa. Podatny element to funkcja C...