Product
publiccms
47 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-69437
CVE-2026-3289
CVE-2026-2010
CVE-2026-1112
CVE-2026-1111
CVE-2025-65837
CVE-2025-65840
CVE-2025-65838
CVE-2025-65836
CVE-2025-57516
CVE-2025-7953
CVE-2025-7949
CVE-2025-25361
CVE-2024-11175
CVE-2024-11070
CVE-2024-46410
CVE-2024-42523
CVE-2024-40552
CVE-2024-40551
CVE-2024-40550
CVE-2024-40549
CVE-2024-40548
CVE-2024-40547
CVE-2024-40546
CVE-2024-40545
CVE-2024-40544
CVE-2024-40543
CVE-2024-31759
CVE-2024-2911
CVE-2023-51252
CVE-2023-46990
CVE-2023-48204
CVE-2023-34852
CVE-2020-20915
CVE-2020-20914
CVE-2022-3950
CVE-2021-27693
CVE-2022-29784
CVE-2022-23389
CVE-2021-40881
CVE-2020-21333
CVE-2018-18927
CVE-2018-17368
CVE-2018-12914
CVE-2018-12494
CVE-2018-12493
CVE-2018-11500
<= 5.202506.d
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF securi
all versions
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheCo
<= 4.0.202506.d
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the
<= 5.202506.d
A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/m
<= 5.202506.d
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/con
all versions
PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.
all versions
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
all versions
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
all versions
PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController.
all versions
OS command injection vulnerability in PublicCMS PublicCMS-V5.202506.a and PublicCMS-V5.202506.b allowing attackers to execute arb
< 5.202506.b
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects som
< 5.202506.b
A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerabili
all versions
An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attack
all versions
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of th
all versions
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unkn
all versions
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category
<= 4.0.202302.e
PublicCMS V4.0.202302.e and earlier is vulnerable to arbitrary file upload via publiccms/admin/cmsTemplate/saveMetaData
<= 4.0.202302.e
PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /s
<= 4.0.202302.e
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to
<= 4.0.202302.e
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows a
<= 4.0.202302.e
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers t
<= 4.0.202302.e
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to exe
<= 4.0.202302.e
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cms
<= 4.0.202302.e
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to exec
<= 4.0.202302.e
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to
<= 4.0.202302.e
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTa
<= 4.0.202302.e
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=cat
all versions
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.
all versions
A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. Th
all versions
PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided,
all versions
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted scr
all versions
An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters para
<= 4.0.202302
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.
all versions
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the t
all versions
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql param
< 4.0.202204.d
A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the fil
< 4.0.202011.b
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is
<= 4.0.202204.a
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.
all versions
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.
all versions
An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.
all versions
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 allows an attacker to get an admin cookie when the Administrator reviews a submitted case.
all versions
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'cla
all versions
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whet
all versions
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp
all versions
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via a
all versions
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via a
all versions
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurr