Publiccm RCE Summary Vulnerability: Path traversal in template cache generation. Location: - TemplateCacheComponent.java (line 235) - TemplateCacheComponent.java (line 260) - TemplateCacheComponent.java (line 291) - FreeMarkerUtils.java (line 75) Cause: - Cache path is formed by directly concatenating template path and parameters. - Lack of filtering on path segments. - No security filtering for absolute paths. - Direct file path usage leads to escape from target directory. Reproduction: - Exploit URL: - Malicious URL: - Script exploitation: Using path override to write default files. Core Principle: - Input validation failure. - Direct use of unvalidated user data. - Inability to normalize paths properly. Impact: Cache files and directories can be targeted and modified, leading to RCE.