PublicCMS Arbitrary File Upload Vulnerability in CmsWebFileAdminController Allowing Code Execution

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in PublicCMS version 4.0.202406. The issue resides in the CmsWebFileAdminController component, where attackers can upload crafted SVG or XML files to execute arbitrary code.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where PublicCMS is running.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

7.9

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

7.9

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PublicCMS Arbitrary File Upload Vulnerability in CmsWebFileAdminController Allowing Code Execution

Vulnerability

Impact

Affected Products

PublicCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating