CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40546
https://notcve.org/view.php?id=CVE-2024-40546
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAKYP • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40548
https://notcve.org/view.php?id=CVE-2024-40548
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALCK • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40543
https://notcve.org/view.php?id=CVE-2024-40543
12 Jul 2024 — PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. • https://gitee.com/sanluan/PublicCMS/issues/IAAITR • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40547
https://notcve.org/view.php?id=CVE-2024-40547
12 Jul 2024 — PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace. • https://gitee.com/sanluan/PublicCMS/issues/IAAL70 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40545
https://notcve.org/view.php?id=CVE-2024-40545
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAIZD • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40552
https://notcve.org/view.php?id=CVE-2024-40552
12 Jul 2024 — PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. • https://gitee.com/sanluan/PublicCMS/issues/IAAMMU •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40544
https://notcve.org/view.php?id=CVE-2024-40544
12 Jul 2024 — PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. • https://gitee.com/sanluan/PublicCMS/issues/IAAIX8 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40551
https://notcve.org/view.php?id=CVE-2024-40551
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAM5W • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40549
https://notcve.org/view.php?id=CVE-2024-40549
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALNE • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40550
https://notcve.org/view.php?id=CVE-2024-40550
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALWJ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •