CVE-2025-10211 Scanner
CVE-2025-10211 Scanner - Server-Side-Request-Forgery vulnerability in ChanCMS
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
1 minute
Time Interval
22 days 7 hours
Scan only one
URL
Toolbox
ChanCMS is a content management system widely used by small to medium businesses for dynamic website management. It provides various functionalities including content creation, editing, and publishing. The platform is known for its user-friendly interface that allows non-technical users to manage web content effectively. ChanCMS supports plugins and themes to extend its capabilities. It is generally employed in environments where ease of content management and quick deployment of websites are key requirements. The system is typically used by web administrators and developers who need a versatile CMS solution.
Server-Side Request Forgery (SSRF) is a vulnerability where an attacker can make a server process arbitrary HTTP requests. Traditional SSRF attacks allow attackers to send requests to websites from the vulnerable server, potentially accessing or manipulating internal resources. In this vulnerability, the attacker can manipulate the "taskUrl" argument to trigger this behavior. The vulnerability does not require special privileges and can be exploited remotely. SSRF can lead to sensitive data exposure if exploited effectively.
The SSRF vulnerability in ChanCMS occurs due to an insecure implementation allowing attackers to manipulate the "taskUrl" parameter in the /cms/collect/getArticle endpoint. This enables attackers to control where the server sends requests. The lack of validation or filtration on this parameter leads to arbitrary request capability. Exploitability requires the attacker to have network access to the vulnerable server. The vulnerability does not change existing user permissions but may expose backend network resources. This vulnerability is linked to CWE-918, which pertains to SSRF vulnerabilities.
If malicious actors exploit this SSRF vulnerability, they can potentially access and manipulate server resources or expose sensitive data. Attackers could use it for lateral network movements, exploiting internal services opportunistically. They might also gather sensitive data through unauthorized access to backend resources. The SSRF vulnerability could also serve as a stepping stone to further exploit the server hosting ChanCMS or its connected architectures. Over time, exploitation could disrupt regular service operations.
REFERENCES
