104 matches found
CVE-2024-57452
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...
CVE-2024-57450
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...
CVE-2024-57451
CVE-2024-57451 affects ChestnutCMS
ChestnutCMS security vulnerability
ChestnutCMS is an enterprise-level content management system with separated front end and back end, developed by the individual developer liweiyi. A security vulnerability exists in ChestnutCMS version 1.5.0 and prior versions, which stems from the ability to upload files via the Create Template feature...
ChestnutCMS security vulnerability
ChestnutCMS is an enterprise-level content management system with separated front end and back end, developed by the individual developer liweiyi. A security vulnerability exists in ChestnutCMS version 1.5.0 and earlier versions, which stems from contentcore.controller.FileController containing an arbitrary file...
CVE-2024-57452
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...
CVE-2024-57451
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory...
CVE-2024-57450
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...
CVE-2024-57452
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...
PT-2025-3449 · Unknown · Chestnutcms
Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions <=1.5.0 Description: The issue allows attackers to delete any file and folder due to an arbitrary file deletion vulnerability in the contentcore.controller.FileController. This vulnerability enables attackers to exploit th...
CVE-2024-57452
CVE-2024-57452 affects ChestnutCMS <= 1.5.0 where the vulnerability resides in contentcore.controller.FileController, enabling arbitrary file deletion (delete any file/folder). Root cause: inadequate access control/input handling in the file deletion logic. Impact: potential data loss with hig...
ChestnutCMS security vulnerability
ChestnutCMS is an enterprise-level content management system with separated front end and back end, developed by the individual developer liweiyi. A security vulnerability exists in ChestnutCMS version 1.5.0 and earlier versions, which stems from a directory traversal issue contained in...
CVE-2024-57451
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory...
PT-2025-3447 · Unknown · Chestnutcms
Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions 1.5.0 and earlier Description: The issue allows for File Upload via the Create template function. Recommendations: For ChestnutCMS versions 1.5.0 and earlier, update to a version that fixes this issue. At the moment, ther...
CVE-2024-57450
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...
CVE-2024-57450
Summary: CVE-2024-57450 affects ChestnutCMS versions 1.5.0 and older, where the Create template function allows file uploads. This is documented across multiple feeds as a vulnerability with a high severity (CVSS 3.1 base score 9.8) and is described as a vulnerability in ChestnutCMS
CVE-2024-56828
File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the...
PT-2025-3338 · Unknown · Chestnutcms
Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions prior to 1.5.0 Description: The issue concerns a file upload vulnerability where the /api/member/avatar API endpoint receives a base64 string as input, which is then processed by the memberService.uploadAvatarByBase64...