Description
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-01-18
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Path Traversal Allowing Arbitrary File Write
Action: Patch Now
AI Analysis

Impact

A path traversal vulnerability exists in the Save function of TaskTemplateAdminController within Sanluan PublicCMS. By manipulating the path argument, an attacker can cause the application to write files outside the intended directory. This can enable the creation or overwriting of arbitrary files in the webroot or other writable locations, potentially leading to compromised web content, defacement, or execution of malicious scripts. The vulnerability is classified as CWE-22 and carries a CVSS score of 5.1, indicating moderate risk. The exploit has been publicly disclosed and may be used against susceptible systems.

Affected Systems

Sanluan PublicCMS versions up to 5.202506.d are affected. No additional version data is provided, so all installations of the product released through this date remain vulnerable unless updated. The specific component impacted is the Task Template Management Handler implemented in com/publiccms/controller/admin/sys/TaskTemplateAdminController.java.

Risk and Exploitability

The exploit can be launched remotely through the web interface’s save endpoint. The EPSS score is less than 1%, a very low estimated probability of exploitation in the current landscape. The vulnerability is not listed in the CISA KEV catalog, so CISA has not recorded it as exploited in the wild as of the latest data. The CVSS vectors list high privileges as required (PR:H), so an attacker needs an authenticated administrative session to reach the endpoint. However, given the public availability of exploit code and the lack of response by the vendor, an attacker could reasonably exploit the flaw to place arbitrary files if the application is reachable over the network. The risk is limited to the data and files that the web application can write; if directory permissions are restricted, the damage could be contained to the webroot or administered directories.

Generated by OpenCVE AI on April 18, 2026 at 05:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Once a fixed release is available, update or upgrade Sanluan PublicCMS to a version that properly validates the path parameter and includes the fix for the path traversal in TaskTemplateAdminController
  • Implement application layer controls such as a web application firewall or input filtering to detect and block malicious path traversal patterns before they reach the controller
  • Restrict file write permissions on the directories used by the CMS and enforce least privilege for the application process, ensuring that even if a traversal occurs, critical system files remain protected
  • Restrict administrative access to the TaskTemplateAdminController endpoint through authentication and authorization controls, limiting exposure to trusted users only


Advisories

No advisories yet.

History

Thu, 05 Feb 2026 20:00:00 +0000

Type: First Time appeared
Values Added: Publiccms; Publiccms publiccms

Type: CPEs
Values Added: cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Publiccms; Publiccms publiccms

Wed, 21 Jan 2026 19:15:00 +0000

Type: Metrics
Values Added:
ssvc (version 2.0.3): Automatable: no; Exploitation: poc; Technical Impact: partial


Mon, 19 Jan 2026 09:45:00 +0000

Type: First Time appeared
Values Added: Sanluan; Sanluan publiccms

Type: Vendors & Products
Values Added: Sanluan; Sanluan publiccms

Sun, 18 Jan 2026 05:45:00 +0000

Type: Description
Values Added: A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
Values Added: Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal

Type: Weaknesses
Values Added: CWE-22

Type: References

Type: Metrics
Values Added:
cvssV2_0: score 5.8, vector AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
cvssV3_0: score 4.7, vector CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
cvssV3_1: score 4.7, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
cvssV4_0: score 5.1, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:36:16.524Z

Reserved: 2026-01-17T08:58:04.516Z

Link: CVE-2026-1111

Vulnrichment

Updated: 2026-01-21T18:49:55.355Z

NVD

Status: Analyzed

Published: 2026-01-18T06:16:01.007

Modified: 2026-02-05T19:48:24.197

Link: CVE-2026-1111

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:30:25Z

Weaknesses