1000mz Chestnutcms
11 CVEs affecting 1000mz Chestnutcms. Latest disclosed: 2026-02-05. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-57450 | Critical | 9.8 | 2025-02-03 | ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. |
CVE-2024-56828 | Critical | 9.8 | 2025-01-06 | File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base6… |
CVE-2024-57451 | High | 7.5 | 2025-02-03 | ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. |
CVE-2024-57452 | High | 7.5 | 2025-02-03 | ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder. |
CVE-2025-70073 | High | 7.2 | 2026-02-05 | An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function |
CVE-2025-15009 | Medium | 6.3 | 2025-12-22 | A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload… |
CVE-2025-5552 | Medium | 6.3 | 2025-06-04 | A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec… |
CVE-2025-2031 | Medium | 6.3 | 2025-03-06 | A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. Th… |
CVE-2025-2917 | Medium | 4.3 | 2025-03-28 | A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/rea… |
CVE-2025-2032 | Low | 3.5 | 2025-03-06 | A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The… |
CVE-2025-12923 | Low | 2.7 | 2025-11-10 | A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/downloa… |