Lucene search

Publiccms

34 matches found

CVE
added 2022/02/14 9:15 p.m., 89 views

CVE-2022-23389

PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.

CVSS 9.8, AI score 9.9, EPSS 0.10062

CVE
added 2022/06/03 9:15 p.m., 60 views

CVE-2022-29784

PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.

CVSS 5.3, AI score 5.2, EPSS 0.0022

CVE
added 2021/07/09 5:15 p.m., 58 views

CVE-2020-21333

Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 allows obtaining an admin cookie when the Administrator reviews a submitted case.

CVSS 5.4, AI score 5.2, EPSS 0.00261

CVE
added 2024/07/12 4:15 p.m., 50 views

CVE-2024-40546

An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 8.8, AI score 7.8, EPSS 0.00844

CVE
added 2025/03/06 7:15 p.m., 48 views

CVE-2025-25361

An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file.

CVSS 9.8, AI score 8, EPSS 0.00144

CVE
added 2024/07/12 4:15 p.m., 47 views

CVE-2024-40550

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 8.8, AI score 7.8, EPSS 0.00901

CVE
added 2024/07/12 4:15 p.m., 46 views

CVE-2024-40549

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 8.8, AI score 7.8, EPSS 0.00407

CVE
added 2024/07/12 4:15 p.m., 46 views

CVE-2024-40551

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 8.8, AI score 7.8, EPSS 0.00478

CVE
added 2024/07/12 4:15 p.m., 45 views

CVE-2024-40544

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.

CVSS 8.8, AI score 7.5, EPSS 0.00164

CVE
added 2024/07/12 4:15 p.m., 45 views

CVE-2024-40545

An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 8.8, AI score 7.8, EPSS 0.00338

CVE
added 2024/07/12 4:15 p.m., 45 views

CVE-2024-40552

PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.

CVSS 8.8, AI score 7.7, EPSS 0.01026

CVE
added 2024/07/12 4:15 p.m., 44 views

CVE-2024-40547

PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.

CVSS 6.5, AI score 7.6, EPSS 0.00169

CVE
added 2021/09/15 10:15 p.m., 42 views

CVE-2021-40881

An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.

CVSS 9.8, AI score 9.7, EPSS 0.00853

CVE
added 2024/10/08 6:15 p.m., 41 views

CVE-2024-46410

PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature.

CVSS 4.8, AI score 6.2, EPSS 0.00074

CVE
added 2024/04/16 11:15 p.m., 40 views

CVE-2024-31759

An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.

CVSS 8.8, AI score 7.2, EPSS 0.00132

CVE
added 2024/08/23 4:15 p.m., 39 views

CVE-2024-42523

publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData

CVSS 7.2, AI score 7.1, EPSS 0.00141

CVE
added 2024/11/13 4:15 p.m., 38 views

CVE-2024-11175

A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 5.3, AI score 3.9, EPSS 0.00075

CVE
added 2018/11/04 6:0 a.m., 36 views

CVE-2018-18927

An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.

CVSS 4.8, AI score 4.9, EPSS 0.00235

CVE
added 2024/11/11 3:15 p.m., 36 views

CVE-2024-11070

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may ...

CVSS 5.4, AI score 4, EPSS 0.00061

CVE
added 2024/07/12 4:15 p.m., 36 views

CVE-2024-40543

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.

CVSS 8.8, AI score 7.5, EPSS 0.0012

CVE
added 2024/07/12 4:15 p.m., 35 views

CVE-2024-40548

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 8.8, AI score 7.8, EPSS 0.00464

CVE
added 2023/04/04 3:15 p.m., 34 views

CVE-2020-20914

SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.

CVSS 9.8, AI score 9.8, EPSS 0.0087

CVE
added 2022/09/02 6:15 p.m., 34 views

CVE-2021-27693

Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.

CVSS 9.8, AI score 9.5, EPSS 0.00106

CVE
added 2022/11/11 2:15 p.m., 33 views

CVE-2022-3950

A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9...

CVSS 6.1, AI score 4.8, EPSS 0.00063

CVE
added 2018/06/15 6:29 p.m., 32 views

CVE-2018-12493

An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.

CVSS 6.5, AI score 6.5, EPSS 0.00529

CVE
added 2018/09/23 10:29 p.m., 32 views

CVE-2018-17368

An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.

CVSS 5.3, AI score 5.2, EPSS 0.00232

CVE
added 2023/06/15 8:15 p.m., 32 views

CVE-2023-34852

PublicCMS

CVSS 9.8, AI score 9.4, EPSS 0.00388

CVE
added 2023/04/04 3:15 p.m., 31 views

CVE-2020-20915

SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter of the SysSiteAdminControl.

CVSS 9.8, AI score 9.8, EPSS 0.0087

CVE
added 2023/11/16 12:15 a.m., 31 views

CVE-2023-48204

An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.

CVSS 6.5, AI score 6.2, EPSS 0.00062

CVE
added 2018/06/15 6:29 p.m., 29 views

CVE-2018-12494

An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.

CVSS 6.5, AI score 6.5, EPSS 0.00485

CVE
added 2018/06/27 6:29 p.m., 28 views

CVE-2018-12914

A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.

CVSS 9.8, AI score 9.8, EPSS 0.02493

CVE
added 2018/05/26 9:29 p.m., 27 views

CVE-2018-11500

An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.

CVSS 8.8, AI score 8.6, EPSS 0.00118

CVE
added 2024/01/10 9:15 a.m., 24 views

CVE-2023-51252

PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and an online preview function is provided, PDF and HTML files containing malicious code can be uploaded, and an XSS popup window is triggered when they are viewed online.

CVSS 5.4, AI score 5.3, EPSS 0.00165

CVE
added 2023/11/20 8:15 p.m., 22 views

CVE-2023-46990

Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.

CVSS 9.8, AI score 9.4, EPSS 0.01323