CVE-2026-8738 | Sanluan PublicCMS 5.202506.d Trade Payment Flow TradeOrderController.java logic error

A vulnerability has been found in Sanluan PublicCMS 5.202506.d and classified as critical. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the component Trade Payment Flow. The manipulation leads to business logic errors.

This vulnerability is referenced as CVE-2026-8738. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8738 | Sanluan PublicCMS 5.202506.d Trade Payment Flow TradeOrderController.java logic error

Post correlati

CVE-2025-69725 | go-chi 5.2.2 redirect

CVE-2024-11730 | iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress static_data_list sort[] sql injection

CVE-2024-37985 | ARM CPU information disclosure

CVE-2023-52799 | Linux Kernel up to 6.6.2 jfs dmtree_t array index