
Sanluan — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting Sanluan. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sanluan is a Chinese web application framework primarily used for building content management systems and e-commerce platforms. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 11 recorded CVEs. The framework's security posture has been compromised through insecure default configurations and insufficient input validation, leading to several high-severity incidents where attackers could gain unauthorized administrative access. These vulnerabilities have allowed threat actors to deploy web shells, extract sensitive data, and compromise entire server environments, making Sanluan a persistent target for exploitation in the Chinese threat landscape.

Top products by Sanluan: PublicCMS
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6797 | Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption | PublicCMS | CWE-400 | 4.3 | Medium | 2026-04-21 |
| CVE-2026-6796 | Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file | PublicCMS | CWE-313 | 4.3 | Medium | 2026-04-21 |
| CVE-2026-5987 | Sanluan PublicCMS FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine | PublicCMS | CWE-1336 | 4.7 | Medium | 2026-04-09 |
| CVE-2026-3289 | Sanluan PublicCMS Template Cache Generation TemplateCacheComponent.java saveMetadata path traversal | PublicCMS | CWE-22 | 6.3 | Medium | 2026-02-27 |
| CVE-2026-2010 | Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization | PublicCMS | CWE-285 | 4.2 | Medium | 2026-02-06 |
| CVE-2026-1112 | Sanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorization | PublicCMS | CWE-285 | 5.4 | Medium | 2026-01-18 |
| CVE-2026-1111 | Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal | PublicCMS | CWE-22 | 4.7 | Medium | 2026-01-18 |
| CVE-2025-7953 | Sanluan PublicCMS viewer.html redirect | PublicCMS | CWE-601 | 3.5 | Low | 2025-07-22 |
| CVE-2025-7949 | Sanluan PublicCMS preview.html redirect | PublicCMS | CWE-601 | 3.5 | Low | 2025-07-22 |
| CVE-2024-11070 | Sanluan PublicCMS Tag Type save cross site scripting | PublicCMS | CWE-79 | 3.5 | Low | 2024-11-11 |
| CVE-2022-3950 | sanluan PublicCMS Tab dwz.min.js initLink cross site scripting | PublicCMS | CWE-707 | 3.5 | Low | 2022-11-11 |

This page lists every published CVE security advisory associated with Sanluan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.