sanluan

19 exploits, active since Jun 2022
CVE-2024-11070 GITEE LOW java
Publiccms - Code Injection
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2,673 stars
CVSS 3.5
CVE-2024-11175 GITEE LOW java
Publiccms - Code Injection
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.
2,673 stars
CVSS 3.5
CVE-2024-40545 GITEE HIGH java
PublicCMS <4.0.202302.e - RCE
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
2,673 stars
CVSS 8.8
CVE-2024-40543 GITEE HIGH java
PublicCMS v4.0.202302.e - SSRF
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.
2,673 stars
CVSS 8.8
CVE-2024-40544 GITEE HIGH java
PublicCMS <4.0.202302.e - SSRF
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.
2,673 stars
CVSS 8.8
CVE-2024-40550 GITEE HIGH java
Public CMS <4.0.202302.e - RCE
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
2,673 stars
CVSS 8.8
CVE-2024-42523 GITEE HIGH java
publiccms <V4.0.202302.e - Any File Upload
publiccms V4.0.202302.e and earlier is vulnerable to arbitrary file upload via publiccms/admin/cmsTemplate/saveMetaData.
2,673 stars
CVSS 7.2
CVE-2024-40552 GITEE HIGH java
PublicCMS <4.0.202302.e - RCE
PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
2,673 stars
CVSS 8.8
CVE-2024-40551 GITEE HIGH java
PublicCMS <4.0.202302.e - RCE
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
2,673 stars
CVSS 8.8
CVE-2024-40549 GITEE HIGH java
PublicCMS <4.0.202302.e - RCE
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
2,673 stars
CVSS 8.8
CVE-2024-40548 GITEE HIGH java
PublicCMS <4.0.202302.e - RCE
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
2,673 stars
CVSS 8.8
CVE-2024-40547 GITEE MEDIUM java
PublicCMS <4.0.202302.e - Code Injection
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.
2,673 stars
CVSS 6.5
CVE-2024-40546 GITEE HIGH java
PublicCMS <4.0.202302.e - RCE
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
2,673 stars
CVSS 8.8
CVE-2024-11175 WRITEUP LOW WRITEUP
Publiccms - Code Injection
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.
CVSS 3.5
CVE-2021-27693 WRITEUP CRITICAL WRITEUP
PublicCMS <4.0.202011.b - SSRF
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
CVSS 9.8
CVE-2022-29784 WRITEUP MEDIUM WRITEUP
Publiccms < 4.0.202204.a - Information Disclosure
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.
CVSS 5.3
CVE-2022-3950 WRITEUP LOW WRITEUP
Publiccms < 4.0.202204.d - XSS
A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456.
CVSS 3.5
CVE-2025-7949 WRITEUP LOW WRITEUP
Sanluan PublicCMS <5.202506.a - Open Redirect
A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.
CVSS 3.5
CVE-2025-7953 WRITEUP LOW WRITEUP
Sanluan PublicCMS <5.202506.a - Open Redirect
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.
CVSS 3.5