liweiyi/ChestnutCMS

GitHub

github.com

Releases7

Frequency4 months 4 days

Last Release 25 days ago

Stars170

ChestnutCMS是前后端分离的内容管理系统。技术栈：SpringBoot3 + VUE2 + MybatisPlus + Freemarker + ES + Redis + MySQL，项目基于RuoYi-Vue重构，集成SaToken用户权限，xxl-job任务调度。支持站群管理、多平台静态化、元数据模型扩展、轻松组织文章、音视频、图集等各种复杂内容形态、支持多语言、全文检索。

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-36458 ↗	May 7, 2026Thursday, 7 May 2026, 15:16	9.8 CRITICAL	—
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
CVE-2025-70073 ↗	Feb 5, 2026Thursday, 5 February 2026, 18:16	7.2 HIGH	—
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function