CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-12914

A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/sanluan/PublicCMS/issues/13
https://github.com/sanluan/PublicCMS/issues/13

Products affected by CVE-2018-12914

Publiccms » Publiccms » Version: 4.0.20180210

cpe:2.3:a:publiccms:publiccms:4.0.20180210

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12914

Products

Pricing

Contact Us