
Leynn3H

#30405 of 53,633
8.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2026-34181
4.3
2026-04-21
Sanluan · Publiccms · CVE-2026-6796
**Name of the Vulnerable Software and Affected Versions**
Sanluan PublicCMS versions prior to 6.202506.d

**Description**
The `log login()` function within the Failed Login Handler component, located in the file `core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java`, allows for remote attacks. Manipulation of the `errorPassword` argument leads to the storage of sensitive information in cleartext on a file or disk.

**Recommendations**
Update to a version later than 6.202506.d. As a temporary workaround, restrict access to the `log login()` function to minimize the risk of exploitation.
PT-2026-34182
4.3
2026-04-21
Sanluan · Publiccms · CVE-2026-6797
**Name of the Vulnerable Software and Affected Versions**
Sanluan PublicCMS versions prior to 6.202506.d

**Description**
A remote resource consumption issue exists in the `ZipSecureFile.setMinflateRatio()` function within the `common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java` file.

**Recommendations**
As a temporary workaround, consider restricting the use of the `ZipSecureFile.setMinflateRatio()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.