OS Command Injection Vulnerability in PublicCMS by Sanluan
CVE-2025-57516

8.2HIGH

Key Information:

Vendor: Sanluan
Status: PublicCMS
Vendor: CVE Published:; 29 September 2025

What is CVE-2025-57516?

An OS Command injection vulnerability exists in PublicCMS versions V5.202506.a and V5.202506.b. Attackers can exploit this weakness to execute arbitrary commands by manipulating the DATABASE, USERNAME, or PASSWORD variables routed to the backupDB.bat file. This vulnerability poses a significant risk as it allows unauthorized command execution on the server, potentially leading to data compromise and system disruption.

References

https://github.com/sanluan/PublicCMS/issues/97

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2025
Vulnerability Reserved
Aug 17, 2025

JSON