CVE-2026-36458
CriticalSummary
ChestnutCMS version 1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
Risk Assessment
Exploitation of this vulnerability could lead to unauthorized access to the database and exposure of sensitive information. Organizations should be aware of the potential consequences related to data security.
Recommendation
It is recommended to update ChestnutCMS to the latest version to eliminate this vulnerability. Additionally, conducting a security audit of the application is advisable to identify other potential flaws.
Original NVD description (English source)
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.

