CVE-2024-40552

8.8 HIGH

📋 TL;DR

PublicCMS v4.0.202302.e contains a remote code execution vulnerability in the ScriptComponent.java file via the cmdarray parameter. This allows attackers to execute arbitrary commands on the server with the privileges of the web application. Any organization running this specific version of PublicCMS is affected.

💻 Affected Systems

Products:
  • PublicCMS
Versions: v4.0.202302.e
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only this specific version is confirmed vulnerable. Other versions may be affected, but this has not been confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise allowing data theft, malware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Webshell deployment leading to data exfiltration, credential harvesting, and use as a pivot point for further attacks.

🟢 If Mitigated

Limited impact due to network segmentation, minimal privileges, and active monitoring detecting exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is publicly documented with technical details, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version beyond v4.0.202302.e

Vendor Advisory: https://gitee.com/sanluan/PublicCMS/issues/IAAMMU

Restart Required: Yes

Instructions:

1. Back up the current installation and data.
2. Download the latest PublicCMS version from the official source.
3. Replace vulnerable files with the patched version.
4. Restart the web application server.
5. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to reject malicious cmdarray parameter values

Modify /site/ScriptComponent.java to sanitize cmdarray input

Web Application Firewall Rule

all

Block requests containing suspicious cmdarray parameter patterns

WAF rule: Block requests with cmdarray parameter containing shell metacharacters

🧯 If You Can't Patch

  • Network segmentation to isolate PublicCMS from critical systems
  • Implement strict outbound firewall rules to limit command execution impact

🔍 How to Verify

Check if Vulnerable:

Check the PublicCMS version in the admin panel or by examining version files. If the version is exactly v4.0.202302.e, the system is vulnerable.

Check Version:

Check the web interface or examine version.txt in the installation directory.

Verify Fix Applied:

After the update, verify that the version is newer than v4.0.202302.e and test that the cmdarray parameter no longer executes arbitrary commands.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /site/ScriptComponent.java
  • Commands like 'whoami', 'id', 'ls', 'cat' in URL parameters
  • Multiple failed exploitation attempts

Network Indicators:

  • Outbound connections from web server to unusual destinations
  • Command and control traffic patterns

SIEM Query:

source="web_logs" AND uri="/site/ScriptComponent.java" AND (param="cmdarray" OR contains(param, "cmd"))
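
The log indicators and SIEM query above, applied to access-log lines as an added example (not code from this page or from PublicCMS). It assumes Apache/Nginx "combined" format logs; the sample lines, the `burst` threshold and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Indicator strings as listed on this page; the log layout is an assumption.
INDICATOR_PATH = "/site/ScriptComponent.java"
INDICATOR_PARAM = "cmdarray"
COMMAND_WORDS = {"whoami", "id", "ls", "cat"}
SHELL_META = set(";|&`$<>")

# Assumed Apache/Nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "POST /site/ScriptComponent.java?cmdarray=whoami HTTP/1.1" 200 17',
    '198.51.100.7 - - [01/Jan/2025:10:00:02 +0000] "POST /site/ScriptComponent.java?cmdarray=id%3Bls HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2025:10:00:03 +0000] "GET /search?id=42&q=cat+food HTTP/1.1" 200 900',
]

def score_line(line):
    """Return (client_ip, reasons) for one log line, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    on_path = url.path.endswith(INDICATOR_PATH)
    reasons = {"indicator-path"} if on_path else set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # Mirrors the SIEM query: exact cmdarray, or any name containing "cmd".
        suspect = name.lower() == INDICATOR_PARAM or "cmd" in name.lower()
        if suspect:
            reasons.add("param:" + name)
        if on_path or suspect:  # value checks alone are too noisy elsewhere
            if COMMAND_WORDS & set(re.split(r"\W+", value)):
                reasons.add("command-word")
            if SHELL_META & set(value):
                reasons.add("shell-metachar")
    return m["ip"], sorted(reasons)

def triage(lines, burst=2):
    """Return (flagged, repeat_sources); burst is an assumed threshold."""
    flagged = [p for p in map(score_line, lines) if p and p[1]]
    counts = {}
    for ip, _ in flagged:
        counts[ip] = counts.get(ip, 0) + 1
    return flagged, sorted(ip for ip, n in counts.items() if n >= burst)
```

Access logs normally record only the query string, so a parameter sent in a POST body will surface here as the path indicator alone; matching on the body requires WAF or application-level request logging.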
