Invia #719590: liweiyi ChestnutCMS <=1.5.8 Unrestricted Uploadinformazioni

Titololiweiyi ChestnutCMS <=1.5.8 Unrestricted Upload
DescrizioneIn the /dev-api/common/upload endpoint, there is a flaw in the file extension extraction logic before the FilenameUtils.getExtension method is called. The system performs a special parsing operation on the file path to extract the suffix. If the filename contains specific characters (:// and wx_fmt=), the logic extracts the value between wx_fmt= and & (or the end of the string) as the file extension. Attackers can manipulate this behavior to bypass file extension restrictions.
Fonte⚠️ https://github.com/yuccun/CVE/blob/main/ChestnutCMS-Arbitrary_File_Upload.md
Utente
 yuccun (UID 93614)
Sottomissione19/12/2025 04:03 (7 mesi fa)
Moderazione21/12/2025 13:51 (2 days later)
StatoAccettato
Voce VulDB337715 [liweiyi ChestnutCMS fino a 1.5.8 Filename /dev-api/common/upload FilenameUtils.getExtension File escalationi di privilegi]
Punti20

Want to know what is going to be exploited?

We predict KEV entries!