ChestnutCMS Deserialization Vulnerability in API Endpoint Allowing Arbitrary Code Execution

A critical deserialization vulnerability has been identified in ChestnutCMS versions through 15.1. This issue resides in the API endpoint '/dev-api/groovy/exec', where the application improperly validates Groovy scripts before execution. The vulnerability allows for arbitrary code execution, as the deserialized scripts can be crafted to execute malicious commands on the server. This flaw can be exploited remotely, posing a significant security risk.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where ChestnutCMS is running.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the '/dev-api/groovy/exec' endpoint. Send a POST request with a JSON payload containing a Groovy script that extends the 'BaseGroovyScript' class. The script should be crafted to execute a command and return the output. The response will include the result of the executed command, demonstrating successful exploitation.