Approved changes feed: RSS · Atom

cpe:2.3:a:1000mz:chestnutcms:1.5.2:*:*:*:*:*:*:*

part: a version: 1.5.2 update: *

Vendor1000Mz (167c91fb-80a3-5255-98c5-8d627801c667)
ProductChestnutcms (73cac130-a650-586d-940a-79d803db718e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/liweiyi/chestnutcms purl2cpe 2026-06-01 10:16:26.815137

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-2032 vulnerable 2026-06-08 07:14:57.797867 ChestnutCMS rename renameFile path traversal
LOW (3.5)
A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used.
Published: 2025-03-06T16:31:04.530Z
Updated: 2025-03-12T21:12:05.980Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2031 vulnerable 2026-06-08 07:14:57.797416 ChestnutCMS upload uploadFile unrestricted upload
MEDIUM (6.3)
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-03-06T16:00:09.784Z
Updated: 2025-03-06T16:28:30.900Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.