{"id":"CVE-2025-57516","details":"OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables to the backupDB.bat file.","modified":"2026-04-10T05:31:07.908027Z","published":"2025-09-29T15:16:08.767Z","references":[{"type":"REPORT","url":"https://github.com/sanluan/PublicCMS/issues/97"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sanluan/publiccms","events":[{"introduced":"0"},{"last_affected":"59479f0374d48903f5678280c7ae4a46f5e94f8d"},{"introduced":"0"},{"last_affected":"59479f0374d48903f5678280c7ae4a46f5e94f8d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.202506.a"},{"introduced":"0"},{"last_affected":"5.202506.b"}]}}],"versions":["V2016","V4.0.180707","V4.0.181024","V4.0.190312","V4.0.202004","V4.0.202107","V5.202302.a","V5.202302.b","V5.202302.c","V5.202302.d","V5.202302.e","V5.202302.f","V5.202406.a","V5.202406.b","V5.202406.c","V5.202406.d","V5.202406.e","V5.202506.a","V5.202506.b","V5.202506.c","V5.202506.d"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57516.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}]}