📦 Publiccms
by Publiccms
🛡️ Security Overview
⚠️ Known Vulnerabilities
PublicCMS V5.202506.b contains a Server-Side Request Forgery (SSRF) vulnerability in the chat interface of SimpleAiAdminController. This allows attackers to make unauthorized requests to internal syst...
This vulnerability allows attackers to upload malicious SVG or XML files to PublicCMS v4.0.202406, potentially leading to remote code execution. Attackers can exploit the /cms/CmsWebFileAdminControlle...
PublicCMS versions up to V4.0.202302 have insecure permissions that allow attackers to bypass authentication and gain unauthorized access. This affects all users running vulnerable versions of PublicC...
This is a critical SQL injection vulnerability in PublicCMS v4.0 that allows remote attackers to execute arbitrary SQL commands via the sql parameter in SysSiteAdminControl. Attackers can potentially ...
PublicCMS v4.0 contains a remote code execution vulnerability via the cmdarray parameter that allows attackers to execute arbitrary commands on the server. This affects all deployments of PublicCMS v4...
This vulnerability in PublicCMS v4.0 allows attackers to execute arbitrary code through BAT file parameter manipulation. It affects all systems running the vulnerable version of PublicCMS. Attackers c...
PublicCMS V5.202506.b contains a CSRF vulnerability in the CkEditorAdminController that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all us...
PublicCMS V5.202506.b contains a path traversal vulnerability in the doUploadSitefile method that allows attackers to write arbitrary files to unintended directories. This affects all systems running ...
PublicCMS versions up to V4.0.202302.e contain an unrestricted file upload vulnerability in the template metadata management endpoint. This allows authenticated attackers to upload arbitrary files, po...
PublicCMS v4.0.202302.e contains a Server-Side Request Forgery vulnerability in the UEditor component's image capture functionality. This allows attackers to make the server send arbitrary HTTP reques...
This vulnerability allows attackers to upload malicious files to the PublicCMS administration interface, leading to remote code execution. It affects PublicCMS v4.0.202302.e installations with the vul...
This vulnerability allows attackers to upload malicious files to the PublicCMS admin interface, leading to remote code execution. Any organization running PublicCMS v4.0.202302.e is affected. Attacker...
This vulnerability allows attackers to upload arbitrary files to the Public CMS admin interface, which can lead to remote code execution. It affects Public CMS v.4.0.202302.e installations with the vu...
PublicCMS v4.0.202302.e contains a remote code execution vulnerability in the ScriptComponent.java file via the cmdarray parameter. This allows attackers to execute arbitrary commands on the server wi...
This vulnerability in sanluan PublicCMS v4.0.202302.e allows attackers to escalate privileges through the change password function. Attackers can gain administrative access by exploiting insufficient ...
This CVE describes an improper authorization vulnerability in Sanluan PublicCMS's trade payment handler. Attackers can manipulate payment IDs to bypass authorization checks, potentially accessing unau...
This CVE describes an improper authorization vulnerability in Sanluan PublicCMS's trade address deletion endpoint. Attackers can remotely manipulate the 'ids' parameter to delete trade addresses witho...
This CVE describes a path traversal vulnerability in Sanluan PublicCMS that allows attackers to write files to arbitrary locations on the server. The vulnerability affects PublicCMS installations up t...
PublicCMS V5.202506.b contains a cross-site scripting (XSS) vulnerability in its Content Search module. This allows attackers to inject malicious scripts that execute in users' browsers when they inte...
PublicCMS V4.0.202406.d contains a stored cross-site scripting (XSS) vulnerability in the Category Management feature. Attackers can inject malicious scripts that execute when administrators view or m...
PublicCMS v4.0.202302.e contains an arbitrary file content replacement vulnerability in the /admin/cmsTemplate/replace component. This allows authenticated attackers with admin access to modify any fi...