yanyutao0402 ChanCMS SQL Injection Vulnerability in Article Management Function

Vulnerability

A SQL injection vulnerability has been identified in yanyutao0402 ChanCMS versions through 3.3.2. The issue resides in the 'findField' function behind the '/cms/article/findField' endpoint. The 'cid' parameter is not properly validated, so a manipulated value reaches the SQL query and changes it. The vulnerability can be exploited remotely, and an exploit is publicly available.

Impact

Exploitation lets an attacker manipulate the SQL queries sent to the database. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.

Reproduction

To reproduce this vulnerability, log into the admin panel using the default credentials 'chancms' for the username and '123456' for the password. Once logged in, navigate to the '/cms/article/findField' endpoint and manipulate the 'cid' parameter to inject SQL payloads. The lack of input validation on the 'cid' parameter allows for the SQL injection to be executed successfully.
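
The missing 'cid' validation described above can be closed with a strict allow-list check plus a bound query parameter, and the same check can triage access logs for requests that would have failed it. This is an added example, not ChanCMS code: it assumes a Node.js service, that 'cid' is an integer ID sent in the query string, and hypothetical table and column names; the log lines are constructed.

```javascript
'use strict';
// Added example, not ChanCMS code. Table and column names are hypothetical.

// Accept only a plain positive decimal integer (assumed to fit a signed 32-bit column).
function parseCid(raw) {
  if (typeof raw !== 'string' || !/^[1-9][0-9]{0,9}$/.test(raw)) return null;
  const n = Number(raw);
  return n <= 2147483647 ? n : null;
}

// Parameterized lookup: cid travels as a bound value, never as part of the SQL text.
function buildFindFieldQuery(rawCid) {
  const cid = parseCid(rawCid);
  if (cid === null) throw new RangeError('cid must be a positive integer');
  return { sql: 'SELECT field_id, field_name FROM cms_field WHERE cid = ?', params: [cid] };
}

// Log triage: return access-log lines that hit the endpoint with a cid that
// fails the same check, or with cid supplied more than once.
function suspiciousRequests(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = /"(?:GET|POST) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    let url;
    try { url = new URL(m[1], 'http://placeholder.invalid'); } catch { continue; }
    if (url.pathname !== '/cms/article/findField') continue;
    const cids = url.searchParams.getAll('cid');
    if (cids.length > 1 || cids.some((c) => parseCid(c) === null)) hits.push(line);
  }
  return hits;
}

// Constructed sample lines in combined log format (documentation IP range).
const SAMPLE_LOG = [
  '203.0.113.5 - - [17/Oct/2025:14:01:02 +0000] "GET /cms/article/findField?cid=12 HTTP/1.1" 200 512',
  '203.0.113.9 - - [17/Oct/2025:14:01:07 +0000] "GET /cms/article/findField?cid=12%27 HTTP/1.1" 500 87',
  '203.0.113.9 - - [17/Oct/2025:14:01:09 +0000] "GET /cms/article/findField?cid=abc HTTP/1.1" 200 40',
  '203.0.113.5 - - [17/Oct/2025:14:01:11 +0000] "GET /cms/article/list?cid=x HTTP/1.1" 200 90',
];

console.log(suspiciousRequests(SAMPLE_LOG));
```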

Added: Oct 17, 2025, 2:20 PM
Updated: Oct 17, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 6.6
remediation: 0.0
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.