Publiccms: >> Publiccms >> 4.0.20180210 Security Vulnerabilities
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
CVSS Score
9.8
EPSS Score
0.025
Published
2018-06-27
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-06-15
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-06-15
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-05-26