| शीर्षक | PublicCMS V5.202506.d server-side template injection |
|---|
| विवरण | PublicCMS contains a post-auth server-side template injection issue in the templateResult API. A low-privilege app token that is only authorized to access templateResult can still invoke other internal directives from inside template content because template-internal execution does not reapply authorizedApis checks. This allows attackers to bypass API authorization boundaries and read sensitive server information such as system properties and disk details. |
|---|
| स्रोत | ⚠️ https://vulnplus-note.wetolink.com/share/ILcCnOvJ1fMc |
|---|
| उपयोगकर्ता | vulnplusbot (UID 96250) |
|---|
| सबमिशन | 22/04/2026 11:03 AM (1 महीना पहले) |
|---|
| संयम | 16/05/2026 12:36 PM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 364328 [Sanluan PublicCMS 5.202506.d templateResult API TemplateResultDirective.java execute templateContent अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|