ChestnutCMS
cpe:2.3:a:1000mz:chestnutcms:*:*:*:*:*:*:*
- <= 1.5.3
A path traversal vulnerability has been identified in ChestnutCMS versions through 1.5.3. The issue is in the `readFile` function exposed at `/dev-api/cms/file/read`. Manipulating the `filePath` argument with directory traversal sequences allows unauthorized file access. The vulnerability can be exploited remotely and can lead to the disclosure of sensitive files on the server.
Successful exploitation gives arbitrary file read access, which could be used to obtain sensitive information stored on the server.
To reproduce this vulnerability, send a request to the `/dev-api/cms/file/read` endpoint with a crafted `filePath` argument that includes directory traversal sequences. The request can be made using a tool like Postman or cURL. Bypass the file type whitelist by first creating a file with a permissible extension, then use the traversal technique to access restricted files.
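On the defensive side, a file-read handler of this kind should canonicalise the requested path, confirm it is still inside the content root, and apply the file type allowlist to the resolved file rather than to the request string. The sketch below is an added example, not ChestnutCMS code or its patch; the class name `SafeFileReader`, the content root and the extension list are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;

// Added illustration; not ChestnutCMS code. SafeFileReader, the root
// directory and the extension allowlist are hypothetical.
public class SafeFileReader {
    private static final Set<String> ALLOWED_EXT = Set.of("html", "css", "js", "txt");
    private final Path root;

    public SafeFileReader(Path root) throws IOException {
        // Canonicalise the root once so later comparisons are like-for-like.
        this.root = root.toRealPath();
    }

    /** Returns the canonical path for filePath, or throws if it is not permitted. */
    public Path resolve(String filePath) throws IOException {
        if (filePath == null || filePath.indexOf('\0') >= 0
                || Path.of(filePath).isAbsolute()) {
            throw new SecurityException("invalid path");
        }
        // toRealPath() collapses ".." and follows symlinks; it throws
        // NoSuchFileException when the target does not exist.
        Path real = root.resolve(filePath).toRealPath();
        if (!real.startsWith(root)) {
            throw new SecurityException("path escapes content root");
        }
        if (!Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file");
        }
        // Check the extension of the file actually opened, not of the raw
        // request string, so the allowlist and the read see the same name.
        String name = real.getFileName().toString();
        int dot = name.lastIndexOf('.');
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new SecurityException("file type not allowed");
        }
        return real;
    }

    public String read(String filePath) throws IOException {
        return Files.readString(resolve(filePath));
    }
}
```

With a root of `/srv/cms/site`, a request for `templates/index.html` resolves normally, while `../../etc/passwd` fails the containment check before any extension test or read takes place.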