CVE-2025-8226

MEDIUM

Chancms < 3.1.3 - Information Disclosure

Title source: rule

Description

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.

Exploits (1)

gitee 613 stars
by chancms · nodejswriteup
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP9V

References (4)

Scores

CVSS v3 4.3
EPSS 0.0009
EPSS Percentile 25.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-284 CWE-200
Status published
Products (1)
chancms/chancms < 3.1.3
Published Jul 27, 2025
Tracked Since Feb 18, 2026