Sanluan Publiccms vulnerabilities

15 known vulnerabilities affecting sanluan/publiccms.

Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 12

Vulnerabilities

CVE-2026-3289 | P2 | CRITICAL | CVSS 9.8 | v6.202506.d | 2026-02-27
CWE-22: A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for att
Source: NVD
CVE-2026-1112 | P3 | HIGH | CVSS 8.1 | v5.202506.a, v5.202506.b +2 more | 2026-01-18
CWE-266: A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids results in improper authorization. The attack may be initi
Source: NVD
CVE-2026-1111 | P3 | HIGH | CVSS 7.2 | v5.202506.a, v5.202506.b +2 more | 2026-01-18
CWE-22: A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been di
Source: NVD
CVE-2026-8740 | P3 | MEDIUM | CVSS 6.3 | v5.202506.d | 2026-05-17
CWE-791: A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent causes improper neutralization of special elements used in a
Source: NVD
CVE-2026-8738 | P3 | MEDIUM | CVSS 6.5 | v5.202506.d | 2026-05-17
CWE-840: A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the component Trade Payment Flow. The manipulation leads to busine
Source: NVD
CVE-2026-8737 | P3 | MEDIUM | CVSS 5.3 | v5.202506.d | 2026-05-17
CWE-287: A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argument userId/id can lead to missing authentication. The att
Source: NVD
CVE-2026-8739 | P4 | MEDIUM | CVSS 5.3 | v5.202506.d | 2026-05-17
CWE-320: A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefile_key results in use of hard-coded cryptographic key. The attack can be executed remotely. The
Source: NVD
CVE-2025-7949 | P4 | MEDIUM | CVSS 6.1 | v5.202506.a | 2025-07-22
CWE-601: A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely.
Source: NVD
CVE-2025-7953 | P4 | MEDIUM | CVSS 6.1 | v5.202506.a | 2025-07-22
CWE-601: A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The attack may be initiated remotely. The exploit
Source: NVD
CVE-2024-11070 | P4 | MEDIUM | CVSS 5.4 | v5.202406.d | 2024-11-11
CWE-79: A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed
Source: NVD
CVE-2026-5987 | P4 | MEDIUM | CVSS 4.7 | v4.0.202506.a, v4.0.202506.b +4 more | 2026-04-09
CWE-791: A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker Template Handler. Such manipulation leads to improper neutralization of s
Source: NVD
CVE-2022-3950 | P4 | MEDIUM | CVSS 6.1 | version n/a | 2022-11-11
CWE-707: A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended t
Source: NVD
CVE-2026-6797 | P4 | MEDIUM | CVSS 4.3 | v6.202506.a, v6.202506.b +2 more | 2026-04-21
CWE-400: A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to launch the attack remotely. The vendor was contacted earl
Source: NVD
CVE-2026-6796 | P4 | MEDIUM | CVSS 4.3 | v6.202506.a, v6.202506.b +2 more | 2026-04-21
CWE-312: A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate
Source: NVD
CVE-2026-2010 | P4 | MEDIUM | CVSS 4.2 | v4.0.202506.a, v4.0.202506.b +10 more | 2026-02-06
CWE-266: A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation of the argument paymentId leads to improper authorizat
Source: NVD