CVE-2026-36458
Published
CVSS v3: 9.8 (CRITICAL)
CVSS v2: N/A
Affected: 2 projects
Description
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
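ChestnutCMS is a content management system with a decoupled front end and back end. Tech stack: SpringBoot3 + VUE2 + MybatisPlus + Freemarker + ES + Redis + MySQL. The project is a rebuild based on RuoYi-Vue, integrating SaToken for user permissions and xxl-job for task scheduling. It supports multi-site management, multi-platform static publishing, metadata model extension, easy organization of complex content types such as articles, audio/video and image galleries, multiple languages, and full-text search.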