CVE-2018-12914

2018-06-2718:00:00

mitre

www.cve.org

AI Score

9.9

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.

References

github.com/sanluan/PublicCMS/issues/13