CVE-2026-36458

216.73.216.233

· Published 07/05/2026 15:16 · Modified 07/05/2026 15:53

Labels: CVE-2026-36458 2026-05-07 CVE-2026-36458 [email protected]

Essential information

Published: 07/05/2026 15:16
Modified: 07/05/2026 15:53
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.

NVD status

Status: Deferred — When a CVE is given this status the NVD does not plan analyze or re-analyze this CVE due to resource or other concerns.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
chestnutcms / chestnutcms	`cpe:2.3:a:chestnutcms:chestnutcms:1.5.10:::::::*`

CVE-2026-36458

Essential information

Description

NVD status

Affected products (CPE)

References