CVE-2018-12494
https://notcve.org/view.php?id=CVE-2018-12494
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. • https://github.com/sanluan/PublicCMS/issues/12 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-12493
https://notcve.org/view.php?id=CVE-2018-12493
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. • https://github.com/sanluan/PublicCMS/issues/12 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-11500
https://notcve.org/view.php?id=CVE-2018-11500
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. • https://github.com/sanluan/PublicCMS/issues/11 • CWE-352: Cross-Site Request Forgery (CSRF)