CVE Alert

CVE-2026-6796

MEDIUM 4.3

Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

CVSS Score: 4.3
EPSS Score: 0.0%
EPSS Percentile: 0th

A vulnerability was found in Sanluan PublicCMS up to 6.202506.d. It affects the function log_login in the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the Failed Login Handler component. Manipulating the argument errorPassword causes cleartext storage in a file or on disk. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CWE: CWE-313, CWE-312
Vendor: sanluan
Product: publiccms
Published: Apr 21, 2026
Last Updated: Apr 21, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Affected Versions

Sanluan / PublicCMS
6.202506.a 6.202506.b 6.202506.c 6.202506.d

References

vuldb.com: https://vuldb.com/vuln/358490
vuldb.com: https://vuldb.com/vuln/358490/cti
vuldb.com: https://vuldb.com/submit/794797

Credits

LeyNn3H (VulDB User), VulDB CNA Team