
9 matches found

CVE
added 2024/07/12 12:0 a.m. · 49 views

CVE-2024-40547

PublicCMS v4.0.202302.e contains an arbitrary file content replacement vulnerability reachable via the /admin/cmsTemplate/replace endpoint. Affects the PublicCMS 4.0.202302.e release; root cause details describe arbitrary file content replacement through the specified API. Impact is privacy/integ...

CVSS 6.5 · AI score 7.6 · EPSS 0.00184
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/07/12 12:0 a.m. · 1 views

PT-2024-28914 · Publiccms · Publiccms

Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e
Description: The issue is related to an arbitrary file upload vulnerability in the /admin/cmsTemplate/savePlace component. This allows attackers to execute arbitrary code by uploading a crafted file...

CVSS 8.8 · AI score 7.8 · EPSS 0.00307
Exploits: 1 · References: 4
CVE
added 2023/12/01 9:48 p.m. · 43 views

CVE-2023-44381

CVE-2023-44381 affects October CMS. Affected component: template rendering in the CMS where an authenticated backend user with editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions can craft a request to inject PHP code into a CMS template due to cms.safe_mode being enabled. Th...

CVSS 4.9 · AI score 5.1 · EPSS 0.00175
Exploits: 0 · References: 1 · Affected Software: 1
Veracode
added 2023/11/30 6:51 a.m. · 13 views

Template Injection

October CMS is vulnerable to Template Injection. The vulnerability is caused by a crafted request which includes PHP code in the CMS template, where an authenticated backend user possessing the editor.cmspages, editor.cmslayouts, or editor.cmspartials can execute arbitrary PHP code even when the...

CVSS 4.9 · AI score 7.6 · EPSS 0.00175
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2022/10/13 10:15 p.m. · 10 views

CVE-2022-35944

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...

CVSS 7.2 · EPSS 0.00532
Exploits: 0 · References: 1
Prion
added 2022/10/13 10:15 p.m. · 24 views

Design/Logic Flaw

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...

CVSS 5.8 · AI score 6.9 · EPSS 0.00532
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/10/13 12:0 a.m. · 19 views

CVE-2022-35944 October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...

CVSS 6.2 · AI score 7.2 · EPSS 0.00532
Exploits: 0 · References: 1
OSV
added 2018/06/15 6:29 p.m. · 1 views

CVE-2018-12494

An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1
myhack58
added 2011/04/18 12:0 a.m. · 14 views

SoftXMLCMS upload 0day exploit-vulnerability warning-the black bar safety net

SoftXMLCMS includes an integrated HTML content display a CMS template. All this will give you a set of tools for creating a professional website in minimum time and cost-effective manner. SoftXMLCMS is written in JavaScript ASP IIS classics, and asked Microsoft and support...

AI score 7
Exploits: 0