Lucene search
K

104 matches found

OSV
OSV
added 2025/02/03 8:15 p.m.2 views

CVE-2024-57452

ChestnutCMS =1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...

7.5CVSS5.9AI score0.00375EPSS
Exploits1References1
NVD
NVD
added 2025/02/03 8:15 p.m.13 views

CVE-2024-57452

ChestnutCMS =1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...

7.5CVSS0.00375EPSS
Exploits1References1
NVD
NVD
added 2025/02/03 8:15 p.m.11 views

CVE-2024-57450

ChestnutCMS =1.5.0 is vulnerable to File Upload via the Create template function...

9.8CVSS0.0054EPSS
Exploits1References1
CVE
CVE
added 2025/02/03 12:0 a.m.74 views

CVE-2024-57451

CVE-2024-57451 affects ChestnutCMS

7.5CVSS7AI score0.00835EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.4 views

ChestnutCMS 安全漏洞

ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developer. A security vulnerability exists in ChestnutCMS version 1.5.0 and prior versions, which stems from the vulnerability of uploading files via the Create Template feature...

9.8CVSS6.7AI score0.0054EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.5 views

ChestnutCMS 安全漏洞

ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developer. A security vulnerability exists in ChestnutCMS version 1.5.0 and earlier versions, which stems from a contentcore.controller.FileController contains an arbitrary file...

7.5CVSS6.8AI score0.00375EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/03 12:0 a.m.11 views

CVE-2024-57452

ChestnutCMS =1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...

0.00375EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/03 12:0 a.m.11 views

CVE-2024-57451

ChestnutCMS =1.5.0 has a directory traversal vulnerability in contentcore.controller.FileControllergetFileList, which allows attackers to view any directory...

0.00835EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/03 12:0 a.m.9 views

CVE-2024-57450

ChestnutCMS =1.5.0 is vulnerable to File Upload via the Create template function...

9.6AI score0.0054EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/03 12:0 a.m.8 views

CVE-2024-57452

ChestnutCMS =1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...

7AI score0.00375EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/03 12:0 a.m.5 views

PT-2025-3449 · Unknown · Chestnutcms

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions =1.5.0 Description: The issue allows attackers to delete any file and folder due to an arbitrary file deletion vulnerability in the contentcore.controller.FileController. This vulnerability enables attackers to exploit th...

7.5CVSS7.3AI score0.00375EPSS
Exploits1References4
CVE
CVE
added 2025/02/03 12:0 a.m.54 views

CVE-2024-57452

CVE-2024-57452 affects ChestnutCMS <= 1.5.0 where the vulnerability resides in contentcore.controller.FileController, enabling arbitrary file deletion (delete any file/folder). Root cause: inadequate access control/input handling in the file deletion logic. Impact: potential data loss with hig...

7.5CVSS6.7AI score0.00375EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.3 views

ChestnutCMS 安全漏洞

ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developer. A security vulnerability exists in ChestnutCMS version 1.5.0 and earlier versions, which stems from a directory traversal issue contained in...

7.5CVSS6.7AI score0.00835EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/03 12:0 a.m.8 views

CVE-2024-57451

ChestnutCMS =1.5.0 has a directory traversal vulnerability in contentcore.controller.FileControllergetFileList, which allows attackers to view any directory...

7.5AI score0.00835EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/03 12:0 a.m.6 views

PT-2025-3447 · Unknown · Chestnutcms

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions 1.5.0 and earlier Description: The issue allows for File Upload via the Create template function. Recommendations: For ChestnutCMS versions 1.5.0 and earlier, update to a version that fixes this issue. At the moment, ther...

9.8CVSS6.9AI score0.0054EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/02/03 12:0 a.m.12 views

CVE-2024-57450

ChestnutCMS =1.5.0 is vulnerable to File Upload via the Create template function...

0.0054EPSS
Exploits1References1
CVE
CVE
added 2025/02/03 12:0 a.m.79 views

CVE-2024-57450

Summary: CVE-2024-57450 affects ChestnutCMS versions 1.5.0 and older, where the Create template function allows file uploads. This is documented across multiple feeds as a vulnerability with a high severity (CVSS 3.1 base score 9.8) and is described as a vulnerability in ChestnutCMS

9.8CVSS6.6AI score0.0054EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/01/06 6:15 p.m.10 views

CVE-2024-56828

File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the...

9.8CVSS5.8AI score0.0085EPSS
Exploits1References3
NVD
NVD
added 2025/01/06 6:15 p.m.15 views

CVE-2024-56828

File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the...

9.8CVSS0.0085EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/01/06 12:0 a.m.3 views

PT-2025-3338 · Unknown · Chestnutcms

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions prior to 1.5.0 Description: The issue concerns a file upload vulnerability where the /api/member/avatar API endpoint receives a base64 string as input, which is then processed by the memberService.uploadAvatarByBase64...

9.8CVSS6.4AI score0.0085EPSS
Exploits1References9
Rows per page
Query Builder