CVE-2026-8738 | Sanluan PublicCMS 5.202506.d Trade Payment Flow TradeOrderController.java logic error

A vulnerability has been found in Sanluan PublicCMS 5.202506.d and classified as critical. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the component Trade Payment Flow. The manipulation leads to business logic errors.

This vulnerability is referenced as CVE-2026-8738. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More