publiccms 漏洞与 CVE 列表(47)

产品(CPE): — CVE 数: 47

publiccms 漏洞概览

汇总 publiccms 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 CSRF、SQL 注入、开放重定向与输入验证问题,在 生产负载与软件部署 使用场景中可能带来 文件覆盖、数据泄露与异常行为 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12047 CVE 数
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-69437 PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can be triggered, resulting in issues such as credential theft, arbitrary API execution, and other security concerns. This vulnerability affects all file upload endpoint, including /cmsTemplate/save, /file/ [email protected] 8.7 0.34% 2026-02-27 2026-06-17
CVE-2026-3289 A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 2.1 0.68% 2026-02-27 2026-06-17
CVE-2026-2010 A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation of the argument paymentId leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has [email protected] 1.3 0.33% 2026-02-06 2026-06-17
CVE-2026-1112 A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids results in improper authorization. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in a [email protected] 2.1 0.39% 2026-01-18 2026-06-17
CVE-2026-1111 A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 2.0 0.64% 2026-01-18 2026-06-17
CVE-2025-65837 PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module. [email protected] 5.4 0.14% 2025-12-22 2026-06-17
CVE-2025-65840 PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController. [email protected] 8.8 0.15% 2025-12-01 2026-06-17
CVE-2025-65838 PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method. [email protected] 7.5 0.38% 2025-12-01 2026-06-17
CVE-2025-65836 PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController. [email protected] 9.1 0.28% 2025-12-01 2026-06-17
CVE-2025-57516 OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables to the backupDB.bat file. [email protected] 8.2 1.15% 2025-09-29 2026-06-17
CVE-2025-7953 A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch [email protected] 2.0 0.29% 2025-07-22 2026-06-17
CVE-2025-7949 A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5 [email protected] 2.0 0.27% 2025-07-21 2026-06-17
CVE-2025-25361 An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. [email protected] 9.8 0.65% 2025-03-06 2026-06-17
CVE-2024-11175 A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue. [email protected] 5.3 0.49% 2024-11-13 2026-06-17
CVE-2024-11070 A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. [email protected] 5.3 0.37% 2024-11-11 2026-06-17
CVE-2024-46410 PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature [email protected] 4.8 0.27% 2024-10-08 2026-06-17
CVE-2024-42523 publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData [email protected] 7.2 0.51% 2024-08-23 2026-06-17
CVE-2024-40552 PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. [email protected] 8.8 0.72% 2024-07-12 2026-06-17
CVE-2024-40551 An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. [email protected] 8.8 0.42% 2024-07-12 2026-06-17
CVE-2024-40550 An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. [email protected] 8.8 0.99% 2024-07-12 2026-06-17
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
cvelogic Threat Intelligence