Vulnerabilities (CVE)

Filtered by vendor Publiccms Subscribe
Filtered by product Publiccms
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-12493 1 Publiccms 1 Publiccms 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.
CVE-2018-12914 1 Publiccms 1 Publiccms 2024-02-04 7.5 HIGH 9.8 CRITICAL
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
CVE-2018-11500 1 Publiccms 1 Publiccms 2024-02-04 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.
CVE-2018-12494 1 Publiccms 1 Publiccms 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.