CVE-2023-46990
https://notcve.org/view.php?id=CVE-2023-46990
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
• https://github.com/sanluan/PublicCMS/issues/76#issue-1960443408
• CWE-502: Deserialization of Untrusted Data
CVE-2023-48204
https://notcve.org/view.php?id=CVE-2023-48204
An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameters of the api/method/getHtml component.
• https://github.com/sanluan/PublicCMS/issues/77
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-34852
https://notcve.org/view.php?id=CVE-2023-34852
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.
• https://github.com/funny-kill/CVE-2023-34852
• https://github.com/funny-kill/CVE-2023-34852/blob/main/CVE-2023-34852.md
• https://github.com/sanluan/PublicCMS