[CVE-ID]

CVE-2024-57450

[PRODUCT]

Chestnutcms

[Vendor of Product]

https://github.com/liweiyi/ChestnutCMS

https://gitee.com/liweiyi/ChestnutCMS

[VERSION]

ChestnutCMS≤v1.5.0

[Vulnerability Type]

File Upload

[Description]

The default setting of ChestnutCMS only allows uploading template files with the.template.html extension. However, there is a feature in the backend that allows you to modify the file extension of the uploaded template files.

In the system configuration, locate the template file extension setting option and change .template.html to .php or .html (or whichever file extension you wish to upload).

image.png

After changing the extension to .php, you will be able to create .php files in the template upload section.

image.png

Create a .php template file.

image.png

[poc]