PT-2025-45585 · Liweiyi · Chestnutcms
Huu1J
·
Publicado
2025-11-10
·
Atualizado
2025-11-21
·
CVE-2025-12923
CVSS v3.1
4.9
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
liweiyi ChestnutCMS versions up to 1.5.8
Description
A flaw exists in the
resourceDownload function located in the /dev-api/common/download file. Manipulation of the path argument can result in path traversal, allowing for remote exploitation. The exploit for this issue has been made public.Recommendations
versions prior to 1.5.9
Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Chestnutcms