Home

Description

OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables to the backupDB.bat file.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-29 | Updated 2025-09-29 | Assigner mitre

References

github.com/sanluan/PublicCMS/issues/97

cve.org (CVE-2025-57516)

nvd.nist.gov (CVE-2025-57516)

Download JSON