Publiccms

by Publiccms

CVEs (38)

  • CVE-2024-40545 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.01

    An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-40547 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.00

    PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.

  • CVE-2024-40543 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.00

    PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.

  • CVE-2024-40549 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.01

    An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-40548 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.01

    An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-40552 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.01

    PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.

  • CVE-2024-40546 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.01

    An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-40544 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.00

    PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.

  • CVE-2024-2911 · Mar 26, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and…

  • CVE-2023-51252 · Jan 10, 2024
    risk 0.00 · cvss · epss 0.00

    PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and an online preview function is provided, PDF and HTML files containing malicious code can be uploaded, and an XSS popup window is triggered through online viewing.

  • CVE-2023-46990 · Nov 20, 2023
    risk 0.00 · cvss · epss 0.01

    Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.

  • CVE-2023-48204 · Nov 15, 2023
    risk 0.00 · cvss · epss 0.01

    An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.

  • CVE-2023-34852 · Jun 15, 2023
    risk 0.00 · cvss · epss 0.01

    PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.

  • CVE-2020-20915 · Apr 4, 2023
    risk 0.00 · cvss · epss 0.01

    SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter of the SysSiteAdminControl.

  • CVE-2021-27693 · Sep 2, 2022
    risk 0.00 · cvss · epss 0.01

    Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.

  • CVE-2022-29784 · Jun 3, 2022
    risk 0.00 · cvss · epss 0.01

    PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.

  • CVE-2022-23389 · Feb 14, 2022
    risk 0.00 · cvss · epss 0.22

    PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.

  • CVE-2021-40881 · Sep 15, 2021
    risk 0.00 · cvss · epss 0.02

    An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.
