CVE-2025-10210
BaseFortify
Publication date: 2025-09-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chancms | chancms | to 3.3.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
There are no known vendor-provided mitigations or patches for this vulnerability as the vendor did not respond to the disclosure. Immediate steps include replacing the affected ChanCMS product with an alternative that is not vulnerable. Additionally, you can implement network-level protections such as web application firewalls (WAFs) to detect and block SQL injection attempts targeting the 'key' parameter in the API search function. Restricting access to the vulnerable API endpoints and monitoring for suspicious activity can also help reduce risk until a secure replacement is deployed. [2]
Can you explain this vulnerability to me?
CVE-2025-10210 is a SQL injection vulnerability in ChanCMS versions up to 3.3.0, specifically in the search function of the file app/modules/api/service/Api.js. The vulnerability occurs because the application does not properly validate or sanitize the 'key' argument before using it in an SQL query. This allows an attacker to inject malicious SQL code remotely without authentication, potentially manipulating the database. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to compromise the confidentiality, integrity, and availability of your system. Through SQL injection, attackers can access, modify, or delete sensitive data in the database, disrupt service availability, and potentially gain unauthorized control over the affected system. Since the exploit is publicly available and requires no authentication, the risk of exploitation is significant. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the search function of ChanCMS (version up to 3.3.0) for SQL injection flaws, specifically by manipulating the 'key' parameter in requests to the API endpoint that uses app/modules/api/service/Api.js. Since a public proof-of-concept exploit is available, you can use SQL injection testing tools or manual curl commands to inject SQL payloads into the 'key' argument and observe if the system behaves unexpectedly or returns database errors. For example, you can use curl to send a request with a typical SQL injection payload: curl -G 'http://<target>/api/search' --data-urlencode 'key=1 OR 1=1' and check for abnormal responses or error messages indicating SQL injection. Automated scanners that test for SQL injection vulnerabilities on API endpoints can also be used. [1, 2]