CVE-2026-36458
SQL Injection in ChestnutCMS Admin Backend
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liweiyi | chestnutcms | to 1.5.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in ChestnutCMS v1.5.10 allows remote attackers to execute arbitrary SQL commands, potentially leading to unauthorized access or manipulation of data stored within the system.
Such unauthorized data access or manipulation could impact compliance with common standards and regulations like GDPR or HIPAA, which require protection of sensitive personal or health information against unauthorized access and data breaches.
However, the provided information does not explicitly detail the nature of the data affected or specific compliance implications.
Can you explain this vulnerability to me?
ChestnutCMS version 1.5.10 contains a SQL injection vulnerability in the admin backend. The vulnerability arises because the content parameter of the cms_content tag can be manipulated and injected directly into a SQL query when the template is rendered.
An attacker can exploit this by editing the template file (index.template.html) in the Template Management section of the backend, inserting malicious SQL code into the content parameter, and triggering the injection by clicking the preview button.
This allows remote attackers to execute arbitrary SQL commands on the database.
How can this vulnerability impact me? :
This SQL injection vulnerability can allow attackers to execute arbitrary SQL commands on the backend database.
- Unauthorized access to sensitive data stored in the database.
- Manipulation or deletion of data, potentially causing data loss or corruption.
- Compromise of the integrity and confidentiality of the system's data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing the admin backend of ChestnutCMS version 1.5.10, specifically by examining the content parameter of the cms_content tag in template files.
One way to detect the vulnerability is to attempt injecting SQL code into the content parameter within the Template Management section (e.g., editing index.template.html) and then triggering the injection by clicking the preview button to see if arbitrary SQL commands are executed.
Since the vulnerability involves SQL injection, you can also use SQL injection detection tools or scanners against the admin backend endpoints that handle template rendering.
Specific commands are not provided in the resources, but general SQL injection detection commands or tools such as sqlmap can be used targeting the admin backend URL where the cms_content tag is processed.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the admin backend to trusted users only, as the vulnerability requires manipulation of the content parameter in the admin backend.
Avoid editing or previewing templates in the Template Management section until a patch or fix is applied.
Monitor and audit template files for any unauthorized changes, especially to the content parameter of the cms_content tag.
If possible, update or patch ChestnutCMS to a version that addresses this SQL injection vulnerability once available.