CVE-2025-7949

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7949

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7949.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7949

Published

2025-07-22T02:15:23.537Z

Modified

2026-04-10T05:36:05.079027Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.

References

Affected packages

Git / github.com/sanluan/publiccms

Affected ranges

Type

GIT

Repo

https://github.com/sanluan/publiccms

Events

Introduced

Fixed

59479f0374d48903f5678280c7ae4a46f5e94f8d

Fixed

c1e79f124e3f4c458315d908ed7dee06f9f12a76

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.202506.b"
        }
    ]
}

Affected versions

Other

V2016

V4.*

V4.0.180707

V4.0.181024

V4.0.190312

V4.0.202004

V4.0.202107

V5.*

V5.202302.a

V5.202302.b

V5.202302.c

V5.202302.d

V5.202302.e

V5.202302.f

V5.202406.a

V5.202406.b

V5.202406.c

V5.202406.d

V5.202406.e

V5.202506.a

V5.202506.b

V5.202506.c

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7949.json"