LinZhaoguan pb-cms Deserialization Vulnerability in Add New Topic Handler

Vulnerability

A critical deserialization vulnerability has been identified in LinZhaoguan pb-cms version 1.0.0. The issue arises in the Add New Topic Handler, specifically within the file '/admin#themes'. The vulnerability can be exploited remotely by manipulating the 'Topic Key' argument.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LinZhaoguan pb-cms Deserialization Vulnerability in Add New Topic Handler

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating