CVE-2026-1112 | Sanluan PublicCMS up to 5.202506.d Trade Address Deletion Endpoint TradeAddressController.java delete ids improper authorization

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. It has been classified as critical. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids results in improper authorization.

This vulnerability was named CVE-2026-1112. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1112 | Sanluan PublicCMS up to 5.202506.d Trade Address Deletion Endpoint TradeAddressController.java delete ids improper authorization

Post correlati

CVE-2024-9703 | Arconix Shortcodes Plugin up to 2.1.12 on WordPress Shortcode cross site scripting

CVE-2024-8611 | itsourcecode Tailoring Management System 1.0 ssms.php customer sql injection

CVE-2023-49874 | Mattermost up to 7.8.14/8.1.5/9.0.3/9.1.2/9.2.1 Task access control

CVE-2024-7576 | Progress Telerik UI for WPF prior 2024.3.924 deserialization