Vulnerability Description
A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the component Trade Payment Flow. The manipulation leads to business logic errors. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://vuldb.com/submit/809905
- https://vuldb.com/vuln/364326
- https://vuldb.com/vuln/364326/cti
- https://vulnplus-note.wetolink.com/share/ayeMf4xWK0ZZ
FAQ
What is CVE-2026-8738?
CVE-2026-8738 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publicc...
How severe is CVE-2026-8738?
CVE-2026-8738 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-8738?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.