Publiccms
by Publiccms
CVEs (38)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-40545 | 0.00 | — | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-40547 | 0.00 | — | 0.00 | Jul 12, 2024 | PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace. |
| CVE-2024-40543 | 0.00 | — | 0.00 | Jul 12, 2024 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. |
| CVE-2024-40549 | 0.00 | — | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-40548 | 0.00 | — | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-40552 | 0.00 | — | 0.01 | Jul 12, 2024 | PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. |
| CVE-2024-40546 | 0.00 | — | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-40544 | 0.00 | — | 0.00 | Jul 12, 2024 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. |
| CVE-2024-2911 | 0.00 | — | 0.00 | Mar 26, 2024 | A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and… |
| CVE-2023-51252 | 0.00 | — | 0.00 | Jan 10, 2024 | PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing. |
| CVE-2023-46990 | 0.00 | — | 0.01 | Nov 20, 2023 | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. |
| CVE-2023-48204 | 0.00 | — | 0.01 | Nov 15, 2023 | An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. |
| CVE-2023-34852 | 0.00 | — | 0.01 | Jun 15, 2023 | PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. |
| CVE-2020-20915 | 0.00 | — | 0.01 | Apr 4, 2023 | SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the SysSiteAdminControl. |
| CVE-2021-27693 | 0.00 | — | 0.01 | Sep 2, 2022 | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. |
| CVE-2022-29784 | 0.00 | — | 0.01 | Jun 3, 2022 | PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. |
| CVE-2022-23389 | 0.00 | — | 0.22 | Feb 14, 2022 | PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. |
| CVE-2021-40881 | 0.00 | — | 0.02 | Sep 15, 2021 | An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code. |