9.8

CVE-2026-36458: ChestnutCMS SQL Injection in Admin Backend

CVE-2026-36458
Summary

An attacker can inject malicious SQL code into the ChestnutCMS admin backend, potentially allowing them to access or modify sensitive data. This vulnerability affects the admin backend of ChestnutCMS version 1.5.10. To protect your site, update to a patched version of ChestnutCMS.

Original title
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
Original description
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
Vulnerability type
CWE-94 Code Injection
Published: 7 May 2026 · Updated: 2 Jun 2026 · First seen: 7 May 2026