CNNVD-202511-982 Information

CNNVD ID

CNNVD-202511-982

CVE-2025-12923

  • CNNVD Published: 2025-11-10

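Description (Chinese, translated)

ChestnutCMS is an enterprise-level content management system with a separated front end and back end, developed by the individual developer liweiyi. ChestnutCMS 1.5.8 and earlier versions contain a path traversal vulnerability, which stems from improper handling of the parameter path in the file /dev-api/common/download and may lead to a path traversal attack.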

Description (English)

ChestnutCMS is an enterprise-level content management system with a separated front end and back end, developed by the individual developer liweiyi. ChestnutCMS 1.5.8 and previous versions have a path traversal vulnerability, which stems from incorrect handling of the parameter path in the file /dev-api/common/download and may lead to a path traversal attack.

Hazard Level

Critical

Vulnerability Type

Path traversal

Affected Vendor

Individual developer

Published

2025-11-10

Last Modified

2026-02-24

References

  • https://github.com/Huu1j/CVE/blob/main/chestnutcms%20Arbitrary%20File%20Read.md
  • https://vuldb.com/?ctiid.331643
  • https://vuldb.com/?id.331643
  • https://vuldb.com/?submit.681032
  • https://access.redhat.com/security/cve/cve-2025-12923
