| Title | publiccms PublicCMS <= V5.202506.d Remote Code Execution (RCE) |
|---|
| Description | A critical path traversal vulnerability exists in the task template management system that allows authenticated administrators to write arbitrary files to the filesystem. By exploiting the weak path sanitization, an attacker can overwrite system scripts that are later executed by the scheduled task system, leading to remote code execution with server privileges.
|
|---|
| Source | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/2 |
|---|
| User | Ana10gy (UID 93358) |
|---|
| Submission | 01/06/2026 16:05 (5 months ago) |
|---|
| Moderation | 01/17/2026 09:58 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 341703 [Sanluan PublicCMS up to 5.202506.d Task Template Management TaskTemplateAdminController.java save path path traversal] |
|---|
| Points | 18 |
|---|