CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46990
https://notcve.org/view.php?id=CVE-2023-46990
20 Nov 2023 — Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. La deserialización de datos no confiables en PublicCMS v.4.0.202302.e permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para la función writeReplace. • https://github.com/sanluan/PublicCMS/issues/76#issue-1960443408 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48204
https://notcve.org/view.php?id=CVE-2023-48204
15 Nov 2023 — An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. Un problema en PublicCMS v.4.0.202302.e permite a un atacante remoto obtener información confidencial a través del parámetro appToken y Parameters del componente api/method/getHtml. • https://github.com/sanluan/PublicCMS/issues/77 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34852
https://notcve.org/view.php?id=CVE-2023-34852
15 Jun 2023 — PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. Las versiones anteriores a v4.0.202302 inclusive, de PublicCMS, son vulnerables a permisos inseguros. • https://github.com/funny-kill/CVE-2023-34852 • CWE-732: Incorrect Permission Assignment for Critical Resource •