Vulnerabilities (CVE)

Filtered by vendor Publiccms Subscribe
Filtered by product Publiccms
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-20915 1 Publiccms 1 Publiccms 2024-11-21 N/A 9.8 CRITICAL
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl.
CVE-2020-20914 1 Publiccms 1 Publiccms 2024-11-21 N/A 9.8 CRITICAL
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.
CVE-2018-18927 1 Publiccms 1 Publiccms 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.
CVE-2018-17368 1 Publiccms 1 Publiccms 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CVE-2018-12914 1 Publiccms 1 Publiccms 2024-11-21 7.5 HIGH 9.8 CRITICAL
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
CVE-2018-12494 1 Publiccms 1 Publiccms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.
CVE-2018-12493 1 Publiccms 1 Publiccms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.
CVE-2018-11500 1 Publiccms 1 Publiccms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.
CVE-2024-11175 1 Publiccms 1 Publiccms 2024-11-15 4.0 MEDIUM 4.8 MEDIUM
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.