Описание
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Ссылки
- ExploitThird Party Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.8 (включая)
cpe:2.3:a:1000mz:chestnutcms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.0018
Низкий
2.7 Low
CVSS3
4.9 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 2.7
github
3 месяца назад
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
EPSS
Процентиль: 40%
0.0018
Низкий
2.7 Low
CVSS3
4.9 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-22