📦 Chestnutcms

ChestnutCMS versions up to 1.5.0 contain a file upload vulnerability in the Create template function that allows attackers to upload malicious files. This can lead to remote code execution, compromisi...

This CVE describes a file upload vulnerability in ChestnutCMS that allows attackers to upload arbitrary files by bypassing extension validation. Attackers can upload malicious files like HTML, JavaScr...

A remote code execution vulnerability in ChestnutCMS v1.5.8 and earlier allows attackers to execute arbitrary code through the template creation function. This affects all systems running vulnerable v...

ChestnutCMS versions 1.5.0 and earlier contain a directory traversal vulnerability in the FileController component that allows attackers to access arbitrary directories on the server. This affects all...

CVE-2025-15009 is an arbitrary file upload vulnerability in ChestnutCMS up to version 1.5.8 that allows attackers to upload malicious files to the server. This affects systems running vulnerable versi...

This vulnerability in ChestnutCMS allows attackers to perform path traversal attacks via the resourceDownload function, enabling unauthorized file reads. Attackers can remotely exploit this to access ...