Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46990 | 1 Publiccms | 1 Publiccms | 2023-11-28 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. | |||||
| CVE-2023-48204 | 1 Publiccms | 1 Publiccms | 2023-11-21 | N/A | 6.5 MEDIUM |
| An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. | |||||
| CVE-2022-29784 | 1 Publiccms | 1 Publiccms | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | |||||
| CVE-2022-23389 | 1 Publiccms | 1 Publiccms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. | |||||
| CVE-2021-27693 | 1 Publiccms | 1 Publiccms | 2022-09-08 | N/A | 9.8 CRITICAL |
| Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. | |||||
| CVE-2021-40881 | 1 Publiccms | 1 Publiccms | 2021-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code. | |||||
| CVE-2020-21333 | 1 Publiccms | 1 Publiccms | 2021-07-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. | |||||
| CVE-2018-17368 | 1 Publiccms | 1 Publiccms | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. | |||||
| CVE-2018-12493 | 1 Publiccms | 1 Publiccms | 2019-05-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | |||||
| CVE-2018-12494 | 1 Publiccms | 1 Publiccms | 2019-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | |||||
| CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2018-12-11 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | |||||
| CVE-2018-12914 | 1 Publiccms | 1 Publiccms | 2018-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | |||||
| CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2018-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | |||||