PT-2026-3381 · Unknown · Sanluan Publiccms
Ana10Gy · Published 2026-01-18 · Updated 2026-02-05 · CVE-2026-1112
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sanluan PublicCMS versions up to 5.202506.d
Description
An improper authorization flaw exists in Sanluan PublicCMS. It affects the delete function in the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the Trade Address Deletion Endpoint component. Manipulation of the ids argument can trigger the issue, and the attack can be initiated remotely. The exploit has been publicly disclosed.
Recommendations
Versions prior to 5.202506.d should be updated.
Exploit
Fix
Improper Authorization
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Sanluan Publiccms