Description
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
Published: 2026-05-07
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored SQL injection flaw exists in the cms_content tag of ChestnutCMS version 1.5.10. Manipulating the content parameter through the admin backend allows an attacker to inject arbitrary SQL into the query that executes when the template is rendered. This can lead to unauthorized disclosure, modification, or deletion of data within the CMS database, as the vulnerability stems from unvalidated input that is directly concatenated into SQL statements, reflecting CWE-94.

Affected Systems

The vulnerability impacts installations of ChestnutCMS version 1.5.10. Users who have permission to edit the cms_content tag in the admin area are the ones who can trigger the injection; other users without such rights are unaffected.

Risk and Exploitability

The EPSS score is < 1% and the issue is not listed in CISA's KEV catalog, indicating that documented exploitation is scarce. Nevertheless, the flaw provides direct SQL injection capabilities, so the potential for database compromise remains high if an attacker gains admin access or if credentials are weak. The attack vector is inferred to require admin‑level access to the cms_content tag; disclosure or exploitation from external sources is unlikely without first compromising the backend.

Generated by OpenCVE AI on May 9, 2026 at 03:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the ChestnutCMS repository or vendor site for an official patch or upgrade that addresses the SQL injection issue.
  • Restrict access to the cms_content tag so that only trusted administrators can use it; consider disabling the feature entirely for low‑privilege accounts.
  • Implement parameterized queries or prepared statements for any database interactions that involve the cms_content parameter to eliminate uncontrolled input concatenation.

Generated by OpenCVE AI on May 9, 2026 at 03:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 04:00:00 +0000

Type Values Removed Values Added
Title ChestnutCMS 1.5.10 SQL injection via cms_content tag

Sat, 09 May 2026 01:15:00 +0000

Type Values Removed Values Added
Title ChestnutCMS v1.5.10 SQL Injection via cms_content tag
Weaknesses CWE-89

Fri, 08 May 2026 23:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 07 May 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Liweiyi
Liweiyi chestnutcms
Vendors & Products Liweiyi
Liweiyi chestnutcms

Thu, 07 May 2026 16:00:00 +0000

Type Values Removed Values Added
Title ChestnutCMS v1.5.10 SQL Injection via cms_content tag
Weaknesses CWE-89

Thu, 07 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
References

Subscriptions

Liweiyi Chestnutcms
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-08T22:27:36.783Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36458

cve-icon Vulnrichment

Updated: 2026-05-08T22:27:20.333Z

cve-icon NVD

Status : Deferred

Published: 2026-05-07T15:16:05.523

Modified: 2026-05-08T23:16:35.313

Link: CVE-2026-36458

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T03:45:03Z

Weaknesses