CNNVD-202512-4010 Information

CNNVD ID

CNNVD-202512-4010

Related CVE

CVE-2025-15009

• CNNVD Published: 2025-12-22

Description (Chinese)

ChestnutCMS是liweiyi个人开发者的一个前后端分离的企业级内容管理系统。 liweiyi ChestnutCMS 1.5.8及之前版本存在代码问题漏洞，该漏洞源于组件Filename Handler中文件/dev-api/common/upload的参数File的错误操作，可能导致无限制上传。

Description (English)

ChestnutCMS is an enterprise-level content management system that is separated from the back and back of the liweiyi personal developers. There is a code problem loophole in lweiyi ChestnutCMS 1.5.8 and earlier versions, which stems from the error of File, the parameter file/dev-api/common/upload in component Filename Handler, which may lead to unlimited upload.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-12-22

Last Modified

2026-02-24

References

https://vuldb.com/?submit.719590 https://github.com/yuccun/CVE/blob/main/ChestnutCMS-Arbitrary_File_Upload.md#vulnerability-proof https://vuldb.com/?id.337715 https://vuldb.com/?ctiid.337715 https://access.redhat.com/security/cve/cve-2025-15009