Publiccms
by Sanluan
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11070 | | | 0.00 | — | 0.00 | | Nov 11, 2024 | A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site… |
| CVE-2024-31759 | | | 0.00 | — | 0.01 | | Apr 16, 2024 | An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. |
| CVE-2023-46990 | | | 0.00 | — | 0.01 | | Nov 20, 2023 | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. |
| CVE-2020-20914 | | | 0.00 | — | 0.01 | | Apr 4, 2023 | SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. |
| CVE-2020-20915 | | | 0.00 | — | 0.01 | | Apr 4, 2023 | SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the SysSiteAdminControl. |
| CVE-2022-3950 | | | 0.00 | — | 0.00 | | Nov 11, 2022 | A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of… |
| CVE-2021-27693 | | | 0.00 | — | 0.01 | | Sep 2, 2022 | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. |
| CVE-2022-23389 | | | 0.00 | — | 0.22 | | Feb 14, 2022 | PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. |
| CVE-2018-18927 | | | 0.00 | — | 0.01 | | Nov 4, 2018 | An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. |
Page 2 of 2