Vulnerabilities > Publiccms > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-12 CVE-2024-40543 Server-Side Request Forgery (SSRF) vulnerability in Publiccms
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.
network
low complexity
publiccms CWE-918
8.8
8.8
2024-07-12 CVE-2024-40544 Server-Side Request Forgery (SSRF) vulnerability in Publiccms
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.
network
low complexity
publiccms CWE-918
8.8
8.8
2024-07-12 CVE-2024-40545 Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
publiccms CWE-434
8.8
8.8
2024-07-12 CVE-2024-40546 Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
publiccms CWE-434
8.8
8.8
2024-07-12 CVE-2024-40548 Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
publiccms CWE-434
8.8
8.8
2024-07-12 CVE-2024-40549 Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
publiccms CWE-434
8.8
8.8
2024-07-12 CVE-2024-40550 Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
publiccms CWE-434
8.8
8.8
2024-07-12 CVE-2024-40551 Unrestricted Upload of File with Dangerous Type vulnerability in Publiccms
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
publiccms CWE-434
8.8
8.8
2024-07-12 CVE-2024-40552 Unspecified vulnerability in Publiccms
PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
network
low complexity
publiccms
8.8
8.8
2021-09-15 CVE-2021-40881 Unspecified vulnerability in Publiccms 4.0
An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.
network
low complexity
publiccms
7.5
7.5