VYPR

Publiccms

by Publiccms

Source repositories

CVEs (38)

  • CVE-2018-11500HigMay 26, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.

  • CVE-2026-8738MedMay 17, 2026
    risk 0.42cvss 6.5epss 0.00

    A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.j…

  • CVE-2026-3289MedFeb 27, 2026
    risk 0.41cvss 6.3epss 0.01

    A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely.…

  • CVE-2026-1112MedJan 18, 2026
    risk 0.35cvss 5.4epss 0.00

    A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation…

  • CVE-2026-1111MedJan 18, 2026
    risk 0.31cvss 4.7epss 0.01

    A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to…

  • CVE-2026-2010MedFeb 6, 2026
    risk 0.27cvss 4.2epss 0.00

    A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment…

  • CVE-2025-7953LowJul 22, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File…

  • CVE-2025-7949LowJul 22, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the…

  • CVE-2025-69437Feb 27, 2026
    risk 0.00cvss epss 0.00

    PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded…

  • CVE-2025-65837Dec 22, 2025
    risk 0.00cvss epss 0.00

    PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.

  • CVE-2025-65836Dec 1, 2025
    risk 0.00cvss epss 0.00

    PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.

  • CVE-2025-65838Dec 1, 2025
    risk 0.00cvss epss 0.00

    PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.

  • CVE-2025-65840Dec 1, 2025
    risk 0.00cvss epss 0.00

    PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.

  • CVE-2025-57516Sep 29, 2025
    risk 0.00cvss epss 0.01

    OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables to the backupDB.bat file.

  • CVE-2025-25361Mar 6, 2025
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file.

  • CVE-2024-11175Nov 13, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely.…

  • CVE-2024-46410Oct 8, 2024
    risk 0.00cvss epss 0.00

    PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature

  • CVE-2024-42523Aug 23, 2024
    risk 0.00cvss epss 0.01

    publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData

  • CVE-2024-40550Jul 12, 2024
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-40551Jul 12, 2024
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

Page 1 of 2