PublicCMS Path Traversal Vulnerability Leading to Remote Code Execution

Vulnerability

A path traversal vulnerability has been identified in PublicCMS version 5.202506.b, in the file upload functionality of the SysSiteAdminController. The application does not validate the original file name supplied with an upload: it checks only the file extension, so an attacker can embed path traversal sequences in the file name and have the upload written outside the intended directory, overwriting any file the application process can write to. The application's owner has acknowledged and fixed the issue.

Impact

Because the attacker controls where the uploaded file is written, exploitation allows overwriting arbitrary files reachable by the application process, which can lead to remote code execution on the server where PublicCMS is hosted.

Reproduction

To reproduce this vulnerability, upload a file through the application's file upload feature with a file name that contains path traversal sequences such as '../'. Browsers send only a bare file name, so the multipart request has to be crafted or edited with a proxy or scripting tool. The upload handler checks only the file extension and does not inspect the path components of the name, so the traversal sequences are honored when the file is written and the upload can overwrite files outside the upload directory.
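The following Java program is an added illustration of the pattern described in the Vulnerability and Reproduction sections; it is not PublicCMS code and does not reproduce the actual SysSiteAdminController. The class and method names, the extension allow-list and the upload root are assumptions. It contrasts an extension-only check that writes uploadRoot + originalFilename (the behaviour the advisory describes) with a hardened version that rejects path components and verifies the resolved path stays inside the upload root.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

/**
 * Added example, not PublicCMS code. Names are hypothetical stand-ins;
 * only the behaviour (extension-only check, then write to
 * uploadRoot + originalFilename) follows the advisory's description.
 */
public class UploadNameCheck {

    // Assumed allow-list; the real extension list is not given in the advisory.
    private static final Set<String> ALLOWED_EXT = Set.of("jpg", "png", "gif", "txt");

    /** The only check the vulnerable version performs: look at what follows the last dot. */
    static boolean hasAllowedExtension(String originalFilename) {
        int dot = originalFilename.lastIndexOf('.');
        if (dot < 0 || dot == originalFilename.length() - 1) {
            return false;
        }
        String ext = originalFilename.substring(dot + 1).toLowerCase(Locale.ROOT);
        return ALLOWED_EXT.contains(ext);
    }

    /**
     * Vulnerable pattern: the client-supplied name is appended to the upload
     * directory as-is. A name such as "../../x.txt" passes the extension
     * check, and the resulting path escapes uploadRoot.
     */
    static Path vulnerableTarget(Path uploadRoot, String originalFilename) {
        if (!hasAllowedExtension(originalFilename)) {
            throw new IllegalArgumentException("extension not allowed");
        }
        return uploadRoot.resolve(originalFilename).normalize();
    }

    /**
     * Hardened pattern: fail closed on anything that is not a bare file name,
     * then verify that the resolved path is still inside uploadRoot.
     */
    static Path hardenedTarget(Path uploadRoot, String originalFilename) {
        if (!hasAllowedExtension(originalFilename)) {
            throw new IllegalArgumentException("extension not allowed");
        }
        // A browser sends a bare name; separators, NUL or a lone ".." only
        // appear when the multipart body was crafted by hand.
        if (originalFilename.indexOf('/') >= 0 || originalFilename.indexOf('\\') >= 0
                || originalFilename.indexOf('\0') >= 0
                || originalFilename.equals(".") || originalFilename.equals("..")) {
            throw new IllegalArgumentException("path components in file name");
        }
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(originalFilename).normalize();
        // Belt and braces: even if the name filter were bypassed, refuse to
        // write anywhere that is not strictly below the upload root.
        if (!target.startsWith(root) || target.equals(root)) {
            throw new IllegalStateException("resolved path escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Paths.get("/var/publiccms/upload");      // assumed upload directory
        String benign = "photo.png";
        String crafted = "../../webapps/ROOT/index.txt";     // constructed attacker-controlled name

        // Both names pass the extension check; only the hardened path logic
        // notices that the second one leaves the upload directory.
        System.out.println("vulnerable, benign : " + vulnerableTarget(root, benign));
        System.out.println("vulnerable, crafted: " + vulnerableTarget(root, crafted));
        System.out.println("hardened, benign   : " + hardenedTarget(root, benign));
        try {
            hardenedTarget(root, crafted);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened, crafted  : rejected (" + e.getMessage() + ")");
        }
    }
}
```

The check has to run on the decoded name the framework hands to the controller (in Spring MVC that is `MultipartFile.getOriginalFilename()`), and the containment test belongs on the final filesystem path rather than on the string, since normalization is what turns '../' into a different directory. Rejecting names with separators rather than silently stripping them costs nothing for legitimate clients and makes crafted requests visible in the logs.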

Remediation

Users are advised to update to the latest version of PublicCMS, where this vulnerability has been fixed.

Added: Dec 1, 2025, 8:17 PM
Updated: Dec 1, 2025, 8:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.