Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-6796

Source VulDB

Published Apr 21, 2026 at 20:30

Modified Apr 21, 2026 at 20:40

Affected Product

Vendor Sanluan

Product PublicCMS

Version 6.202506.a

Affected Versions Sanluan PublicCMS 6.202506.a
Sanluan PublicCMS 6.202506.b
Sanluan PublicCMS 6.202506.c
Sanluan PublicCMS 6.202506.d

CWE Classification

CWE-313 CWE-312

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-21T20:30:18.556Z",
    "modified": "2026-04-21T20:40:36.437Z",
    "type": "cve",
    "title": "Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/358490\nhttps://vuldb.com/vuln/358490/cti\nhttps://vuldb.com/submit/794797",
    "id": "CVE-2026-6796",
    "bulletinFamily": "",
    "cwe": [
        "CWE-313",
        "CWE-312"
    ],
    "cvelist": null,
    "sourceData": "Sanluan PublicCMS 6.202506.a\nSanluan PublicCMS 6.202506.b\nSanluan PublicCMS 6.202506.c\nSanluan PublicCMS 6.202506.d",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PublicCMS",
    "version": "6.202506.a",
    "vendor": "Sanluan",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file_CVE-2026-6796