Publiccms

publiccms

Vendor: Publiccms • 47 CVEs

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-40549 1Publiccms 1Publiccms Mar 25, 2025 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40548 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40547 1Publiccms 1Publiccms Mar 13, 2025 Jul 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.
CVE-2024-40546 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40545 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40544 1Publiccms 1Publiccms Mar 26, 2025 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.
CVE-2024-40543 1Publiccms 1Publiccms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.
CVE-2024-31759 1Publiccms 1Publiccms Jun 12, 2025 Apr 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.
CVE-2024-2911 1Publiccms 1Publiccms Aug 21, 2025 Mar 26, 2024 6.9 MEDIUM· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack...Show more A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-51252 1Publiccms 1Publiccms Jun 20, 2025 Jan 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is re...Show more PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing.Show less
CVE-2023-46990 1Publiccms 1Publiccms Nov 21, 2024 Nov 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
CVE-2023-48204 1Publiccms 1Publiccms Nov 21, 2024 Nov 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.
CVE-2023-34852 1Publiccms 1Publiccms Dec 18, 2024 Jun 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.
CVE-2020-20915 1Publiccms 1Publiccms Feb 14, 2025 Apr 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl.
CVE-2020-20914 1Publiccms 1Publiccms Feb 14, 2025 Apr 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.
CVE-2022-3950 1Publiccms 1Publiccms Nov 21, 2024 Nov 11, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting....Show more A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456.Show less
CVE-2021-27693 1Publiccms 1Publiccms Nov 21, 2024 Sep 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
CVE-2022-29784 1Publiccms 1Publiccms Nov 21, 2024 Jun 3, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.
CVE-2022-23389 1Publiccms 1Publiccms Nov 21, 2024 Feb 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.
CVE-2021-40881 1Publiccms 1Publiccms Nov 21, 2024 Sep 15, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.

Previous 123 Next