| عنوان | liweiyi ChestnutCMS <=1.5.8 Unrestricted Upload |
|---|
| الوصف | In the /dev-api/common/upload endpoint, there is a flaw in the file extension extraction logic before the FilenameUtils.getExtension method is called. The system performs a special parsing operation on the file path to extract the suffix. If the filename contains specific characters (:// and wx_fmt=), the logic extracts the value between wx_fmt= and & (or the end of the string) as the file extension. Attackers can manipulate this behavior to bypass file extension restrictions. |
|---|
| المصدر | ⚠️ https://github.com/yuccun/CVE/blob/main/ChestnutCMS-Arbitrary_File_Upload.md |
|---|
| المستخدم | yuccun (UID 93614) |
|---|
| ارسال | 19/12/2025 04:03 AM (6 أشهر منذ) |
|---|
| الاعتدال | 21/12/2025 01:51 PM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 337715 [liweiyi ChestnutCMS حتى 1.5.8 Filename /dev-api/common/upload FilenameUtils.getExtension ملف تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|