Chestnutcms
Sign in to watchby Liweiyi
Source repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-36458 | Cri | 0.64 | 9.8 | 0.00 | May 7, 2026 | ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. | |
| CVE-2025-12923 | Low | 0.18 | 2.7 | 0.00 | Nov 10, 2025 | A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. |