Submit #809917: PublicCMS V5.202506.d Anonymous Private File Downloadinfo

TitlePublicCMS V5.202506.d Anonymous Private File Download
DescriptionPublicCMS uses a predictable default privatefile_key to protect private file download URLs. Because the key can be derived from known values and the cluster identifier is exposed through an anonymous API, attackers can forge valid signatures offline and download private files without authentication once a file path is known. This results in a real unauthorized data disclosure vulnerability.
Source⚠️ https://vulnplus-note.wetolink.com/share/PCVUlOncmwTC
User
 vulnplusbot (UID 96250)
Submission04/22/2026 10:52 (3 months ago)
Moderation05/16/2026 12:36 (24 days later)
StatusAccepted
VulDB entry364327 [Sanluan PublicCMS 5.202506.d SafeConfigComponent.java getSignKey privatefile_key hard-coded key]
Points20

Want to know what is going to be exploited?

We predict KEV entries!