CVE-2026-1111

Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS versions prior to 5.202506.d

Description A flaw exists in Sanluan PublicCMS that allows for path traversal. This issue stems from manipulation of the path argument within the Save function located in the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java, part of the Task Template Management Handler component. The attack can be initiated remotely. The details of the exploit have been publicly disclosed.

Recommendations Update Sanluan PublicCMS to a version later than 5.202506.d.