CVE-2025-8132
BaseFortify
Publication date: 2025-07-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chancms | chancms | to 3.1.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an arbitrary file deletion flaw in ChanCMS versions up to 3.1.2, specifically in the image deletion function 'delfile' located in app/extend/utils.js. It occurs because the function does not properly validate or sanitize user-supplied file paths, allowing attackers to perform path traversal attacks. By manipulating the 'url' parameter, an attacker can delete arbitrary files on the server outside the intended directory, potentially causing damage to the system. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability allows attackers to delete arbitrary system files remotely without authentication. The impact includes potential denial of service, data loss, and disruption of system integrity and availability. Depending on which files are deleted, it could also enable further exploitation or system compromise. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP GET requests to the endpoint /article/delfile with a url parameter containing directory traversal sequences such as '../'. For example, you can use network monitoring tools or web server logs to search for requests matching the pattern: GET /article/delfile?url=../../. Additionally, you can use command-line tools like curl or wget to test if the vulnerable endpoint is accessible and exploitable by sending crafted requests with path traversal payloads. Example command to test the vulnerability: curl -v "http://<target-ip>:7001/article/delfile?url=../../../../../../../../../tmp/testfile.txt". Detection can also involve scanning logs for unexpected file deletion events or monitoring file system changes in sensitive directories. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade ChanCMS to version 3.1.3, which contains the patch (commit ID c8a282bf02a62b59ec60b4699e91c51aff2ee9cd) that fixes the vulnerability by properly validating and sanitizing the file path input. Until the upgrade can be applied, you should restrict access to the /article/delfile endpoint, for example by firewall rules or web server configuration, to prevent unauthorized or remote exploitation. Additionally, monitor and audit file deletion activities and consider implementing input validation or access controls on the affected endpoint if possible. [3]