21 matches found
CVE-2024-42523
CVE-2024-42523 affects PublicCMS v4.0.202302.e and earlier. The vulnerability is an arbitrary file upload via the endpoint publiccms/admin/cmsTemplate/saveMetaData, potentially enabling unauthorized file upload and security breaches as described across Red Hat, NVD, OSV, CNNVD and other sources. ...
CVE-2024-40548
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40543
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery SSRF via the component /admin/ueditor?action=catchimage...
CVE-2024-40547
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace...
CVE-2024-40549
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40545
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40546
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40548
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40545
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40545
CVE-2024-40545 affects PublicCMS v4.0.202302.e, with an arbitrary file upload vulnerability in the /admin/cmsWebFile/doUpload component that can allow arbitrary code execution through a crafted file. Public details show high impact (C/H/I/A) and are supported by multiple sources (NVD/CNA) with CV...
CVE-2024-40551
PublicCMS v4.0.202302.e contains an arbitrary file upload vulnerability in the /admin/cmsTemplate/doUpload endpoint, enabling code execution via a crafted upload. The issue is documented across multiple sources (NVD/Red Hat/OSV/CNNVD) with the same description. Connected material from PT-Security...
CVE-2024-40546
PublicCMS v4.0.202302.e contains an arbitrary file upload vulnerability in the /admin/cmsWebFile/save component that allows an attacker to execute arbitrary code by uploading a crafted file. CVSS v3.1 shows high impact (C, I, A), with network access, low attack complexity, and privileges required...
CVE-2024-40551
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40549
PublicCMS v4.0.202302.e is affected by CVE-2024-40549 due to an arbitrary file upload vulnerability in the /admin/cmsTemplate/savePlace component, which can allow an attacker to execute arbitrary code via a crafted file. The CVE is documented across multiple feeds (NVD, Red Hat, CNNVD, OSV, etc.)...
CVE-2024-40546
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40545
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40549
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40548
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40551
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
PublicCMS Code Issues Vulnerabilities
PublicCMS is an open source content management system CMS written in Java by PublicCMS China. A code issue vulnerability exists in PublicCMS version v4.0.202302.e, which stems from vulnerability to server-side request forgery attacks...