Publiccms
Monthly
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. [CVSS 8.7 HIGH]
Path traversal in Sanluan PublicCMS 6.202506.d's Template Cache Generation component allows authenticated remote attackers to manipulate the saveMetadata function and access arbitrary files on the system. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor who has not responded to disclosure attempts.
Improper authorization in Sanluan PublicCMS versions up to 4.0.202506.d, 5.202506.d, and 6.202506.d allows authenticated attackers to manipulate the paymentId parameter in the Trade Payment Handler, potentially leading to integrity and availability impacts. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific conditions. A patch is available and should be applied promptly to affected Java-based deployments.
PublicCMS versions up to 5.202506.d contain an authorization bypass in the Trade Address Deletion endpoint that allows authenticated attackers to manipulate request parameters and delete arbitrary trade addresses. The vulnerability is network-accessible, requires valid credentials, and has public exploit code available with no patch currently provided. An attacker with legitimate access could leverage this flaw to perform unauthorized data deletion affecting the trade functionality.
Path traversal in Sanluan PublicCMS up to version 5.202506.d allows remote attackers with high privileges to manipulate the path parameter in the Task Template Management handler, enabling unauthorized file access or manipulation. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. [CVSS 8.7 HIGH]
Path traversal in Sanluan PublicCMS 6.202506.d's Template Cache Generation component allows authenticated remote attackers to manipulate the saveMetadata function and access arbitrary files on the system. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor who has not responded to disclosure attempts.
Improper authorization in Sanluan PublicCMS versions up to 4.0.202506.d, 5.202506.d, and 6.202506.d allows authenticated attackers to manipulate the paymentId parameter in the Trade Payment Handler, potentially leading to integrity and availability impacts. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific conditions. A patch is available and should be applied promptly to affected Java-based deployments.
PublicCMS versions up to 5.202506.d contain an authorization bypass in the Trade Address Deletion endpoint that allows authenticated attackers to manipulate request parameters and delete arbitrary trade addresses. The vulnerability is network-accessible, requires valid credentials, and has public exploit code available with no patch currently provided. An attacker with legitimate access could leverage this flaw to perform unauthorized data deletion affecting the trade functionality.
Path traversal in Sanluan PublicCMS up to version 5.202506.d allows remote attackers with high privileges to manipulate the path parameter in the Task Template Management handler, enabling unauthorized file access or manipulation. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.