A remote code execution issue exists in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
publiccms publiccms 4.0.20180210 |