PT-2025-3338 · Unknown · Chestnutcms

Published 2025-01-06 · Updated 2025-04-21 · CVE-2024-56828

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ChestnutCMS versions prior to 1.5.0

Description

The issue concerns a file upload vulnerability where the /api/member/avatar API endpoint receives a base64 string as input, which is then processed by the memberService.uploadAvatarByBase64 method. The base64-encoded image is parsed, and the decoded content is written to a file. However, the file extension is not validated, posing significant security risks since this functionality is exposed to the frontend.

Recommendations

For ChestnutCMS versions prior to 1.5.0, as a temporary workaround, consider disabling the memberService.uploadAvatarByBase64 method until a patch is available. Restrict access to the /api/member/avatar endpoint to minimize the risk of exploitation. Avoid using the suffix variable in the affected API endpoint until the issue is resolved.
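
The missing check on the upload path described above can be sketched as follows. This is an added example, not ChestnutCMS code or its patch: the class and method names, the three-type allowlist, the 2 MiB limit and the assumption that the payload arrives as a `data:<type>;base64,` URI are all hypothetical.

```java
import java.nio.file.*;
import java.util.*;
import java.util.regex.*;

public class AvatarUploadCheck { // hypothetical class, not part of ChestnutCMS
    // Allowlist: declared MIME type -> extension chosen by the server, never by the client.
    private static final Map<String, String> EXT = Map.of(
        "image/png", "png", "image/jpeg", "jpg", "image/gif", "gif");
    private static final Pattern PREFIX = Pattern.compile("^data:([a-z]+/[a-z0-9.+-]+);base64,");
    private static final int MAX_BYTES = 2 * 1024 * 1024; // assumed avatar size limit

    /** Validates the payload and stores it under dir; throws IllegalArgumentException on any reject. */
    static Path saveAvatar(String dataUri, Path dir) throws java.io.IOException {
        if (dataUri == null || dataUri.length() > 2 * MAX_BYTES)
            throw new IllegalArgumentException("missing or oversized payload");
        Matcher m = PREFIX.matcher(dataUri);
        if (!m.lookingAt()) throw new IllegalArgumentException("not a base64 data URI");
        String ext = EXT.get(m.group(1));
        if (ext == null) throw new IllegalArgumentException("type not allowed: " + m.group(1));
        byte[] data = Base64.getDecoder().decode(dataUri.substring(m.end())); // rejects bad base64
        if (data.length == 0 || data.length > MAX_BYTES) throw new IllegalArgumentException("bad size");
        if (!ext.equals(sniff(data))) throw new IllegalArgumentException("content does not match type");
        // Server-generated name: no client-controlled characters reach the file system.
        Path target = dir.resolve(UUID.randomUUID() + "." + ext);
        return Files.write(target, data, StandardOpenOption.CREATE_NEW);
    }

    /** Returns the extension implied by the leading magic bytes, or null if unrecognized. */
    static String sniff(byte[] b) {
        if (startsWith(b, 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A)) return "png";
        if (startsWith(b, 0xFF, 0xD8, 0xFF)) return "jpg";
        if (startsWith(b, 'G', 'I', 'F', '8')) return "gif";
        return null;
    }

    private static boolean startsWith(byte[] b, int... magic) {
        if (b.length < magic.length) return false;
        for (int i = 0; i < magic.length; i++) if ((b[i] & 0xFF) != magic[i]) return false;
        return true;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("avatars");
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0}; // constructed sample
        String b64 = Base64.getEncoder().encodeToString(png);
        System.out.println("accepted: " + saveAvatar("data:image/png;base64," + b64, dir).getFileName());
        for (String bad : List.of("data:image/jsp;base64," + b64, "data:image/gif;base64," + b64)) {
            try { saveAvatar(bad, dir); } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

Storing avatars outside any directory the application server executes or interprets remains necessary in addition to this check, since magic-byte sniffing only confirms the file header.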

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2024-56828

Affected Products

Chestnutcms