Lucene search
K

104 matches found

Cvelist
Cvelist
added 2025/01/06 12:0 a.m.15 views

CVE-2024-56828

File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the...

0.0085EPSS
Exploits1References3
CVE
CVE
added 2025/01/06 12:0 a.m.91 views

CVE-2024-56828

CVE-2024-56828 affects ChestnutCMS up to 1.5.0. The /api/member/avatar endpoint accepts a base64 data URL, decodes the payload via the service’s uploadAvatarByBase64, and derives a file suffix from the encoded content (substring from the 11th character to the first semicolon). The decoded data is...

9.8CVSS7.3AI score0.0085EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/06 12:0 a.m.9 views

CVE-2024-56828

File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the...

9.5AI score0.0085EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/01/06 12:0 a.m.4 views

ChestnutCMS 安全漏洞

ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developer. A security vulnerability exists in ChestnutCMS 1.5.0 and earlier versions, which originates from the /api/member/avatar interface in the file upload function does not...

9.8CVSS6.7AI score0.0085EPSS
Exploits1References3
Rows per page
Query Builder