VYPR

Pbootcms

by Pbootcmspro

Source repositories

CVEs (39)

  • CVE-2026-4508HigMar 20, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be…

  • CVE-2026-4514MedMar 21, 2026
    risk 0.34cvss 6.3epss 0.00

    A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The…

  • CVE-2026-4509MedMar 21, 2026
    risk 0.34cvss 6.3epss 0.00

    A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The…

  • CVE-2020-18456MedAug 12, 2021
    risk 0.31cvss 4.8epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.

  • CVE-2020-20363MedJul 8, 2021
    risk 0.31cvss 4.8epss 0.01

    Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.

  • CVE-2020-21003MedJun 3, 2021
    risk 0.31cvss 4.8epss 0.00

    Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.

  • CVE-2019-17417MedOct 10, 2019
    risk 0.31cvss 4.8epss 0.01

    PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.

  • CVE-2026-36239MedMay 26, 2026
    risk 0.28cvss 4.3epss 0.00

    PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality

  • CVE-2025-15153LowDec 28, 2025
    risk 0.24cvss 3.7epss 0.00

    A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of…

  • CVE-2026-4510MedMar 21, 2026
    risk 0.21cvss 4.3epss 0.00

    A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation…

  • CVE-2024-1018LowJan 29, 2024
    risk 0.16cvss 2.4epss 0.01

    A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.…

  • CVE-2025-15154Dec 28, 2025
    risk 0.00cvss epss 0.00

    A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The…

  • CVE-2025-46109Jun 18, 2025
    risk 0.00cvss epss 0.00

    SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request

  • CVE-2025-3787Apr 18, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2025-29389Apr 9, 2025
    risk 0.00cvss epss 0.00

    PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2.

  • CVE-2020-19248Feb 21, 2025
    risk 0.00cvss epss 0.00

    SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse…

  • CVE-2024-12793Dec 19, 2024
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may…

  • CVE-2024-12789Dec 19, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely.…

  • CVE-2024-42930Oct 28, 2024
    risk 0.00cvss epss 0.00

    PbootCMS 3.2.8 is vulnerable to URL Redirect.

Page 2 of 2