CVE-2018-12914

Name of the Vulnerable Software and Affected Versions PublicCMS version 4.0.20180210

Description A remote code execution issue was found, allowing an attacker to upload a ZIP archive containing a .jsp file with a directory traversal pathname. After the unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.

Recommendations For PublicCMS version 4.0.20180210, consider restricting the upload of ZIP archives or limiting the execution of .jsp files to prevent arbitrary code execution until a patch is available. As a temporary workaround, restrict access to directories where .jsp files can be executed to minimize the risk of exploitation.