ChestnutCMS
cpe:2.3:a:1000mz:chestnutcms:*:*:*:*:*:*:*
- <= 1.5.2
A critical vulnerability allowing unrestricted file uploads has been identified in ChestnutCMS versions through 1.5.2. The issue arises in the 'uploadFile' function of the '/dev-api/cms/file/upload' endpoint, where inadequate validation of the 'file' argument enables directory traversal and the upload of malicious files. This vulnerability can be exploited remotely and has been publicly disclosed.
Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to the execution of malicious files on the server, potentially causing a denial-of-service or other harmful effects depending on the nature of the uploaded file.
To reproduce this vulnerability, send a POST request to the '/dev-api/cms/file/upload' endpoint with a crafted HTML file that includes a script tag. The request must include the appropriate authorization tokens and cookies to simulate an admin user.
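A server-side check that addresses both weaknesses described above (path traversal through the uploaded file name and acceptance of script-bearing types such as HTML) is shown here as an added Java example; it is not ChestnutCMS code. The class name, the extension allow-list and the upload root are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

// Hypothetical validator for an upload handler (illustrative, not the project's code).
public class UploadNameCheck {
    // Assumed policy: inert media/document types only; .html, .jsp, .svg etc. are refused.
    private static final Set<String> ALLOWED = Set.of("png", "jpg", "jpeg", "gif", "pdf");

    /** Returns the path to write to, or throws IllegalArgumentException if the name is refused. */
    static Path resolve(Path uploadRoot, String clientName) {
        if (clientName == null || clientName.isBlank() || clientName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed name");
        }
        // Refuse any path separator (either OS style) instead of silently stripping it,
        // so traversal attempts surface in logs as rejections.
        if (clientName.indexOf('/') >= 0 || clientName.indexOf('\\') >= 0) {
            throw new IllegalArgumentException("path separators not allowed");
        }
        int dot = clientName.lastIndexOf('.');
        if (dot <= 0 || dot == clientName.length() - 1) {
            throw new IllegalArgumentException("missing extension");
        }
        String ext = clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        // Defense in depth: the normalized target must still sit inside the upload root.
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(clientName).normalize();
        if (!target.startsWith(root) || target.equals(root)) {
            throw new IllegalArgumentException("target escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Paths.get("/srv/cms/uploads"); // constructed sample root
        // Constructed sample names: two acceptable, three that must be refused.
        String[] samples = {"logo.png", "report.PDF", "note.html",
                            "../../webapp/index.html", "..\\..\\x.jpg"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolve(root, s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Storing the file under a server-generated name and serving uploads with a non-executable content type from a separate origin further limits what an accepted file can do.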