CVE-2025-70073

High CVSS: 7.2

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function

Vendor

Product

CWE

Yayın Tarihi

2026-02-05 18:16:10

Güncelleme

2026-02-12 17:30:51

Source Identifier

cve@mitre.org

KEV Date Added

CWE-94 Chestnutcms HIGH 1000mz 2026

https://github.com/liweiyi/ChestnutCMS/issues/8

Medium

CVE-2025-15009

A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExten…

Medium

CVE-2025-12923

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownl…

Medium

CVE-2025-5552

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknow…

Medium

CVE-2025-2917

A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function rea…

Medium

CVE-2025-2032

A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function rename…

Medium

CVE-2025-2031

A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile o…