CVE-2024-57451

7.5 HIGH

📋 TL;DR

ChestnutCMS versions 1.5.0 and earlier contain a directory traversal vulnerability in the FileController component that allows attackers to access arbitrary directories on the server. This affects all deployments of vulnerable ChestnutCMS versions. Attackers can potentially view sensitive files and directory contents.

💻 Affected Systems

Products:
  • ChestnutCMS
Versions: <= 1.5.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to sensitive configuration files, credentials, or source code, leading to complete system compromise or data exfiltration.

🟠 Likely Case

Attackers enumerate directory structures and access files containing sensitive information like configuration files, logs, or backup files.

🟢 If Mitigated

Limited exposure of non-critical directory contents with proper file permissions and web server restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of directory traversal techniques but no authentication is needed to access the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 1.5.0

Vendor Advisory: https://locrian-lightning-dc7.notion.site/Directory-traversal-1628e5e2b1a280fdb463c2235acc7f75

Restart Required: No

Instructions:

1. Upgrade ChestnutCMS to a version newer than 1.5.0.
2. Verify the patch has been applied by checking the FileController component.
3. Test that directory traversal attempts are properly blocked.

🔧 Temporary Workarounds

Web Server Path Restriction

all

Configure web server to restrict access to parent directories and implement input validation for file paths.

🧯 If You Can't Patch

  • Implement strict input validation to reject directory traversal sequences in file path parameters
  • Configure web application firewall (WAF) rules to block directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Attempt to access the vulnerable endpoint with directory traversal payloads like '../../etc/passwd' and check if restricted files are returned.

Check Version:

Check ChestnutCMS version in admin panel or configuration files

Verify Fix Applied:

Test the same directory traversal attempts after patching to confirm they are properly blocked or return error messages.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' sequences to FileController endpoints
  • Unusual file access patterns from single IP addresses

Network Indicators:

  • HTTP requests with path traversal payloads in URL parameters

SIEM Query:

source="web_logs" AND (uri="*../*" OR params="*../*") AND uri="*FileController*"
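
The query above matches only a literal `../`. The following added example (not part of the advisory or of ChestnutCMS) goes further and scans access logs for percent-encoded, double-encoded and backslash forms as well. It assumes combined-format logs and reuses the `FileController` marker from the query; the request paths, parameter name and log lines are constructed, since the page does not give the real route.

```python
import re
from urllib.parse import unquote

# Client address and request target from a combined-format access log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')
# A ".." segment: separator or '=' on the left, separator or end on the right
DOTDOT_RE = re.compile(r'(?:^|[/=&?])\.\.(?:[/&?]|$)')

# Constructed sample log lines (paths, parameters and addresses are illustrative)
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /FileController/list?path=../../conf HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /FileController/list?path=%2e%2e%2f%2e%2e%2fconf HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /FileController/list?path=%252e%252e%252fconf HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Jan/2025:10:00:04 +0000] "GET /FileController/list?path=..%5c..%5cconf HTTP/1.1" 404 0',
    '198.51.100.9 - - [10/Jan/2025:10:00:05 +0000] "GET /FileController/list?path=docs/v1..2/readme HTTP/1.1" 200 90',
    '198.51.100.9 - - [10/Jan/2025:10:00:06 +0000] "GET /static/../index.html HTTP/1.1" 200 90',
]

def normalize(target, max_rounds=3):
    """Percent-decode until stable (catches double encoding), then unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def find_traversal(lines, endpoint_marker="FileController"):
    """Return (client, raw_target) for requests to the endpoint that contain a '..' segment."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        norm = normalize(target)
        if endpoint_marker.lower() in norm.lower() and DOTDOT_RE.search(norm):
            hits.append((client, target))
    return hits

if __name__ == "__main__":
    for client, target in find_traversal(SAMPLE):
        print(client, target)
```

Set `endpoint_marker` to the route your deployment actually exposes before relying on the results.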
