Publiccms
Monthly
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. [CVSS 8.7 HIGH]
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Open redirect vulnerability in Sanluan PublicCMS up to version 5.202506.a allows authenticated remote attackers to redirect users to arbitrary URLs via manipulation of the File parameter in the PDF.js viewer component, requiring user interaction to trigger the redirect. The vulnerability has publicly available exploit code and affects the PDF viewer resource file, though real-world impact is limited by the requirement for prior authentication and user click interaction.
Open redirect vulnerability in Sanluan PublicCMS up to version 5.202506.a allows authenticated remote attackers with low privileges to redirect users to arbitrary external URLs via manipulation of the url parameter in the admin preview functionality. The vulnerability requires user interaction (clicking a malicious link) and impacts integrity but not confidentiality or availability. Publicly available exploit code exists, and vendor patches are available.
An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. [CVSS 8.7 HIGH]
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Open redirect vulnerability in Sanluan PublicCMS up to version 5.202506.a allows authenticated remote attackers to redirect users to arbitrary URLs via manipulation of the File parameter in the PDF.js viewer component, requiring user interaction to trigger the redirect. The vulnerability has publicly available exploit code and affects the PDF viewer resource file, though real-world impact is limited by the requirement for prior authentication and user click interaction.
Open redirect vulnerability in Sanluan PublicCMS up to version 5.202506.a allows authenticated remote attackers with low privileges to redirect users to arbitrary external URLs via manipulation of the url parameter in the admin preview functionality. The vulnerability requires user interaction (clicking a malicious link) and impacts integrity but not confidentiality or availability. Publicly available exploit code exists, and vendor patches are available.
An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.