Chestnutcms
Monthly
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function [CVSS 7.2 HIGH]
ChestnutCMS up to version 1.5.8 allows authenticated remote attackers to upload arbitrary files by manipulating the File argument in the FilenameUtils.getExtension function of the /dev-api/common/upload endpoint. The vulnerability bypasses filename extension validation in the Filename Handler component, enabling unrestricted file uploads with low integrity and confidentiality impact. Publicly available exploit code exists; however, the low EPSS score (0.06%) and requirement for prior authentication significantly limit real-world exploitation risk compared to the CVSS base score.
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
File Upload vulnerability in ChestnutCMS through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function [CVSS 7.2 HIGH]
ChestnutCMS up to version 1.5.8 allows authenticated remote attackers to upload arbitrary files by manipulating the File argument in the FilenameUtils.getExtension function of the /dev-api/common/upload endpoint. The vulnerability bypasses filename extension validation in the Filename Handler component, enabling unrestricted file uploads with low integrity and confidentiality impact. Publicly available exploit code exists; however, the low EPSS score (0.06%) and requirement for prior authentication significantly limit real-world exploitation risk compared to the CVSS base score.
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
File Upload vulnerability in ChestnutCMS through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.