CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27693
https://notcve.org/view.php?id=CVE-2021-27693
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. Una vulnerabilidad de tipo Server-side Request Forgery (SSRF) en PublicCMS versiones anteriores a 4.0.202011.b, por medio de /publiccms/admin/ueditor cuando la acción es catchimage • https://github.com/sanluan/PublicCMS/commit/0f4c4872914b6a71305e121a7d9a19c07cde0338 https://github.com/sanluan/PublicCMS/issues/51 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29784
https://notcve.org/view.php?id=CVE-2022-29784
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. PublicCMS versiones V4.0.202204.a y anteriores, contienen un filtrado de información por medio del componente /views/directive/sys/SysConfigDataDirective.java • https://github.com/JinYiTong/CVE-Req/blob/main/publiccms/publiccms.md https://github.com/sanluan/PublicCMS/commit/d8d7626cf51e4968fb384e1637a3c0c9921f33e9 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-23389
https://notcve.org/view.php?id=CVE-2022-23389
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. Se ha detectado que PublicCMS versión v4.0 contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del parámetro cmdarray • https://github.com/sanluan/PublicCMS/issues/59 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40881
https://notcve.org/view.php?id=CVE-2021-40881
An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code. Un problema en los parámetros BAT file de PublicCMS versión v4.0, permite a atacantes ejecutar código arbitrario • https://github.com/sanluan/PublicCMS/issues/57 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21333
https://notcve.org/view.php?id=CVE-2020-21333
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en PublicCMS versión 4.0, para obtener una cookie de administrador cuando el administrador revisa el envío de un caso • https://github.com/sanluan/PublicCMS/issues/27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •