Pbootcms

by Pbootcmspro

CVEs (39)

  • CVE-2022-32417 (Critical, Jul 14, 2022)
    risk 0.66, cvss 9.8, epss 0.33

    PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.

  • CVE-2023-39834 (Critical, Aug 24, 2023)
    risk 0.64, cvss 9.8, epss 0.02

    PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.

  • CVE-2021-37497 (Critical, Feb 3, 2023)
    risk 0.64, cvss 9.8, epss 0.01

    SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request.

  • CVE-2020-23580 (Critical, Jul 8, 2021)
    risk 0.64, cvss 9.8, epss 0.02

    Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.

  • CVE-2018-16357 (Critical, Mar 2, 2020)
    risk 0.64, cvss 9.8, epss 0.02

    An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.

  • CVE-2018-16356 (Critical, Mar 2, 2020)
    risk 0.64, cvss 9.8, epss 0.02

    An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.

  • CVE-2018-19893 (Critical, Dec 6, 2018)
    risk 0.64, cvss 9.8, epss 0.01

    SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.

  • CVE-2018-19595 (Critical, Nov 27, 2018)
    risk 0.64, cvss 9.8, epss 0.04

    PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect…

  • CVE-2018-18450 (Critical, Oct 17, 2018)
    risk 0.64, cvss 9.8, epss 0.02

    apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.

  • CVE-2018-10133 (Critical, Apr 16, 2018)
    risk 0.64, cvss 9.8, epss 0.01

    PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.

  • CVE-2020-20971 (High, Jun 2, 2022)
    risk 0.57, cvss 8.8, epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.

  • CVE-2018-11018 (High, May 13, 2018)
    risk 0.57, cvss 8.8, epss 0.01

    An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.

  • CVE-2018-10132 (High, Apr 16, 2018)
    risk 0.57, cvss 8.8, epss 0.01

    PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.

  • CVE-2018-18211 (High, Oct 10, 2018)
    risk 0.53, cvss 8.1, epss 0.01

    PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.

  • CVE-2019-8422 (High, Feb 17, 2019)
    risk 0.47, cvss 7.2, epss 0.01

    A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.

  • CVE-2018-19053 (High, Nov 7, 2018)
    risk 0.47, cvss 7.2, epss 0.01

    PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.

  • CVE-2020-22535 (Medium, Jul 9, 2021)
    risk 0.42, cvss 6.5, epss 0.01

    Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.

  • CVE-2020-17901 (Medium, Nov 30, 2020)
    risk 0.42, cvss 6.5, epss 0.00

    Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

  • CVE-2019-7570 (Medium, Feb 7, 2019)
    risk 0.42, cvss 6.5, epss 0.01

    A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.

  • CVE-2026-12066 (High, Jun 12, 2026)
    risk 0.40, cvss 7.3, epss 0.00

    A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in…
