Vulnerabilities > Publiccms > Publiccms > 4.0.202302.e

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-46990 Deserialization of Untrusted Data vulnerability in Publiccms 4.0.202302.E
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
network
low complexity
publiccms CWE-502
critical
 9.8
9.8
2023-11-16 CVE-2023-48204 Server-Side Request Forgery (SSRF) vulnerability in Publiccms 4.0.202302.E
An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.
network
low complexity
publiccms CWE-918
6.5
6.5