Filtered by vendor Publiccms
Subscribe
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20915 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl. | |||||
| CVE-2020-20914 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. | |||||
| CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | |||||
| CVE-2018-17368 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. | |||||
| CVE-2018-12914 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | |||||
| CVE-2018-12494 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | |||||
| CVE-2018-12493 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | |||||
| CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | |||||
| CVE-2024-11175 | 1 Publiccms | 1 Publiccms | 2024-11-15 | 4.0 MEDIUM | 4.8 MEDIUM |
| A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue. | |||||