Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Chestnutcms
(1000mz)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-03-28 | CVE-2025-2917 | A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | Chestnutcms | 7.5 | ||
| 2025-02-03 | CVE-2024-57450 | ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. | Chestnutcms | N/A | ||
| 2025-02-03 | CVE-2024-57452 | ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder. | Chestnutcms | N/A | ||
| 2025-02-03 | CVE-2024-57451 | ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. | Chestnutcms | N/A | ||
| 2025-03-06 | CVE-2025-2031 | A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Chestnutcms | 7.6 | ||
| 2025-03-06 | CVE-2025-2032 | A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used. | Chestnutcms | 3.5 |