ChestnutCMS Path Traversal Vulnerability in File Rename Function

Vulnerability

A path traversal vulnerability has been identified in ChestnutCMS version 1.5.2. The issue is in the file rename function exposed at '/cms/file/rename'. By manipulating the 'rename' argument, an attacker can traverse directories and potentially access or modify files outside the intended directory structure. Exploitation requires authentication.

Impact

Exploitation of this vulnerability allows for arbitrary file transfer on the server, with the potential to overwrite files in any location accessible by the web server.

Reproduction

To reproduce this vulnerability, send a POST request to '/cms/file/rename' with an authorization token and an Admin-Token. Include a 'filePath' parameter specifying the target file location and a 'rename' parameter with a value that includes directory traversal sequences (such as '../') to manipulate the file path. The request should be made with the appropriate cookies and headers to simulate an authenticated admin user.
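A server-side check that closes this class of bug, as an added example in Java (not ChestnutCMS code; the class name, method and base directory are hypothetical, and a Java backend is assumed). It treats both 'filePath' and 'rename' as untrusted, accepts only a plain file name for 'rename', and confirms that source and target resolve inside the resource directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeRename {
    // Hypothetical helper, not ChestnutCMS code. Both request parameters are untrusted.
    static Path rename(Path baseDir, String filePath, String rename) throws IOException {
        Path base = baseDir.toRealPath();

        // 'rename' must be one file name: no separators, NUL bytes or dot segments.
        if (rename == null || rename.isBlank() || rename.contains("/")
                || rename.contains("\\") || rename.contains("\0")
                || rename.equals(".") || rename.equals("..")) {
            throw new IllegalArgumentException("rename must be a plain file name");
        }

        // Resolve the source, following symlinks, and confirm it lies inside base.
        Path source = base.resolve(filePath).toRealPath();
        if (source.equals(base) || !source.startsWith(base)) {
            throw new SecurityException("filePath is outside the resource directory");
        }

        // The target is a sibling of the source; re-check containment anyway.
        Path target = source.resolveSibling(rename).normalize();
        if (!target.startsWith(base)) {
            throw new SecurityException("rename target is outside the resource directory");
        }

        // No REPLACE_EXISTING option, so an existing file is never overwritten.
        return Files.move(source, target);
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("site"); // constructed sample directory
        Files.writeString(base.resolve("a.txt"), "x");
        System.out.println("renamed to " + rename(base, "a.txt", "b.txt").getFileName());
        for (String bad : new String[] {"../b.txt", "..\\b.txt", "sub/../../b.txt", ".."}) {
            try {
                rename(base, "b.txt", bad);
                System.out.println("accepted (unexpected): " + bad);
            } catch (IllegalArgumentException | SecurityException e) {
                System.out.println("rejected " + bad + ": " + e.getMessage());
            }
        }
    }
}
```

Comparing with `Path.startsWith` after `toRealPath()` checks path elements rather than string prefixes, so a sibling directory whose name merely begins with the base directory's name does not pass.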

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.