Vulnerabilities > Publiccms > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-46990 Deserialization of Untrusted Data vulnerability in Publiccms 4.0.202302.E
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
network
low complexity
publiccms CWE-502
critical
 9.8
9.8
2023-06-15 CVE-2023-34852 Unspecified vulnerability in Publiccms
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.
network
low complexity
publiccms
critical
 9.8
9.8
2022-02-14 CVE-2022-23389 OS Command Injection vulnerability in Publiccms 4.0
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.
network
low complexity
publiccms CWE-78
critical
 9.8
9.8