Vendor CVEs
Sanluan
All CVEs
29 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12914 | | Cri | 0.64 | 9.8 | 0.04 | | Jun 27, 2018 | A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. |
| CVE-2018-12494 | | Med | 0.42 | 6.5 | 0.02 | | Jun 15, 2018 | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. |
| CVE-2018-12493 | | Med | 0.42 | 6.5 | 0.02 | | Jun 15, 2018 | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. |
| CVE-2026-8740 | | Med | 0.41 | 6.3 | 0.00 | | May 17, 2026 | A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument… |
| CVE-2026-3289 | | Med | 0.41 | 6.3 | 0.01 | | Feb 27, 2026 | A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely.… |
| CVE-2026-1112 | | Med | 0.35 | 5.4 | 0.00 | | Jan 18, 2026 | A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation… |
| CVE-2018-17368 | | Med | 0.35 | 5.3 | 0.01 | | Sep 23, 2018 | An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. |
| CVE-2026-8739 | | Med | 0.34 | 5.3 | 0.00 | | May 17, 2026 | A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefile_key results in use… |
| CVE-2026-8737 | | Med | 0.34 | 5.3 | 0.00 | | May 17, 2026 | A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a… |
| CVE-2026-5987 | | Med | 0.31 | 4.7 | 0.00 | | Apr 9, 2026 | A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker… |
| CVE-2026-1111 | | Med | 0.31 | 4.7 | 0.01 | | Jan 18, 2026 | A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to… |
| CVE-2026-6797 | | Med | 0.28 | 4.3 | 0.00 | | Apr 21, 2026 | A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption.… |
| CVE-2026-6796 | | Med | 0.28 | 4.3 | 0.00 | | Apr 21, 2026 | A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword… |
| CVE-2026-2010 | | Med | 0.27 | 4.2 | 0.00 | | Feb 6, 2026 | A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment… |
| CVE-2025-7953 | | Low | 0.23 | 3.5 | 0.00 | | Jul 22, 2025 | A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File… |
| CVE-2025-7949 | | Low | 0.23 | 3.5 | 0.00 | | Jul 22, 2025 | A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the… |
| CVE-2025-65837 | | | 0.00 | — | 0.00 | | Dec 22, 2025 | PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module. |
| CVE-2025-65840 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController. |
| CVE-2025-65836 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController. |
| CVE-2025-65838 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method. |
| CVE-2024-11070 | | | 0.00 | — | 0.00 | | Nov 11, 2024 | A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site… |
| CVE-2024-31759 | | | 0.00 | — | 0.01 | | Apr 16, 2024 | An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. |
| CVE-2023-46990 | | | 0.00 | — | 0.01 | | Nov 20, 2023 | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. |
| CVE-2020-20914 | | | 0.00 | — | 0.01 | | Apr 4, 2023 | SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. |
| CVE-2020-20915 | | | 0.00 | — | 0.01 | | Apr 4, 2023 | SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the SysSiteAdminControl. |
| CVE-2022-3950 | | | 0.00 | — | 0.00 | | Nov 11, 2022 | A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of… |
| CVE-2021-27693 | | | 0.00 | — | 0.01 | | Sep 2, 2022 | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. |
| CVE-2022-23389 | | | 0.00 | — | 0.22 | | Feb 14, 2022 | PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. |
| CVE-2018-18927 | | | 0.00 | — | 0.01 | | Nov 4, 2018 | An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. |