CVE-2024-56828 is a critical file upload vulnerability found in ChestnutCMS through version 1.5.0. The vulnerability exists in the /api/member/avatar API endpoint, which accepts a base64-encoded string representing an image file. The server-side method memberService.uploadAvatarByBase64 decodes this base64 string and extracts the file extension from the data URI prefix without validating it against a whitelist of allowed image types. Specifically, the substring between the 11th character and the first semicolon is used as the file extension, which can be manipulated by an attacker to upload files with dangerous extensions such as .html, .php, or other executable types. The decoded content is then written directly to the server's filesystem. Because the endpoint is accessible from the frontend and does not require authentication or user interaction, an attacker can remotely upload malicious files that may lead to remote code execution, data theft, or server compromise. The vulnerability is categorized under CWE-434, indicating an unrestricted file upload of dangerous types. The CVSS v3.1 score is 9.8 (critical), reflecting the ease of exploitation (network vector, no privileges, no user interaction) and the severe impact on confidentiality, integrity, and availability. No patches or mitigations are currently linked, and no known exploits have been reported in the wild as of the publication date. This vulnerability demands immediate attention from organizations using ChestnutCMS to prevent potential exploitation.

The impact of CVE-2024-56828 is severe for organizations using ChestnutCMS, as it allows unauthenticated remote attackers to upload arbitrary files to the server. This can lead to remote code execution, enabling attackers to execute malicious scripts, gain persistent access, steal sensitive data, or disrupt services. The lack of file extension validation means attackers can upload web shells or other executable files disguised as images, bypassing typical security controls. The vulnerability compromises confidentiality by exposing sensitive user or system data, integrity by allowing unauthorized code execution or data modification, and availability by potentially causing denial-of-service conditions through malicious payloads. Given the API is frontend-exposed and requires no authentication, the attack surface is broad, increasing the likelihood of exploitation. Organizations relying on ChestnutCMS for content management, especially those hosting sensitive or critical data, face significant risks including reputational damage, regulatory penalties, and operational disruption.

To mitigate CVE-2024-56828, organizations should immediately implement the following measures: 1) Apply any available official patches or updates from ChestnutCMS as soon as they are released. 2) Implement strict server-side validation of file types by enforcing a whitelist of allowed MIME types and file extensions for uploaded avatars, rejecting any files that do not conform. 3) Sanitize and validate the base64 input thoroughly before decoding, ensuring the data URI prefix matches expected image formats (e.g., image/png, image/jpeg). 4) Store uploaded files outside the web root or in directories with restricted execution permissions to prevent execution of uploaded malicious files. 5) Employ web application firewalls (WAFs) to detect and block suspicious upload attempts. 6) Monitor server logs for unusual file upload patterns or unexpected file types. 7) Restrict API endpoint access where possible, such as requiring authentication or rate limiting to reduce exposure. 8) Conduct regular security audits and penetration testing focused on file upload functionalities. These targeted actions go beyond generic advice and address the root cause of the vulnerability effectively.