Vendor CVEs
Pbootcmspro
All CVEs
39 total · sorted by risk

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32417 | | Critical | 0.66 | 9.8 | 0.33 | | Jul 14, 2022 | PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. |
| CVE-2023-39834 | | Critical | 0.64 | 9.8 | 0.02 | | Aug 24, 2023 | PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. |
| CVE-2021-37497 | | Critical | 0.64 | 9.8 | 0.01 | | Feb 3, 2023 | SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. |
| CVE-2020-23580 | | Critical | 0.64 | 9.8 | 0.02 | | Jul 8, 2021 | Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board. |
| CVE-2018-16357 | | Critical | 0.64 | 9.8 | 0.02 | | Mar 2, 2020 | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. |
| CVE-2018-16356 | | Critical | 0.64 | 9.8 | 0.02 | | Mar 2, 2020 | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. |
| CVE-2018-19893 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 6, 2018 | SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. |
| CVE-2018-19595 | | Critical | 0.64 | 9.8 | 0.04 | | Nov 27, 2018 | PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect… |
| CVE-2018-18450 | | Critical | 0.64 | 9.8 | 0.02 | | Oct 17, 2018 | apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. |
| CVE-2018-10133 | | Critical | 0.64 | 9.8 | 0.01 | | Apr 16, 2018 | PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. |
| CVE-2020-20971 | | High | 0.57 | 8.8 | 0.01 | | Jun 2, 2022 | Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. |
| CVE-2018-11018 | | High | 0.57 | 8.8 | 0.01 | | May 13, 2018 | An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. |
| CVE-2018-10132 | | High | 0.57 | 8.8 | 0.01 | | Apr 16, 2018 | PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. |
| CVE-2018-18211 | | High | 0.53 | 8.1 | 0.01 | | Oct 10, 2018 | PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. |
| CVE-2019-8422 | | High | 0.47 | 7.2 | 0.01 | | Feb 17, 2019 | A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. |
| CVE-2018-19053 | | High | 0.47 | 7.2 | 0.01 | | Nov 7, 2018 | PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. |
| CVE-2020-22535 | | Medium | 0.42 | 6.5 | 0.01 | | Jul 9, 2021 | Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. |
| CVE-2020-17901 | | Medium | 0.42 | 6.5 | 0.00 | | Nov 30, 2020 | Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. |
| CVE-2019-7570 | | Medium | 0.42 | 6.5 | 0.01 | | Feb 7, 2019 | A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. |
| CVE-2026-12066 | | High | 0.40 | 7.3 | 0.00 | | Jun 12, 2026 | A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in… |
| CVE-2026-4508 | | High | 0.40 | 7.3 | 0.00 | | Mar 20, 2026 | A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be… |
| CVE-2026-4514 | | Medium | 0.34 | 6.3 | 0.00 | | Mar 21, 2026 | A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The… |
| CVE-2026-4509 | | Medium | 0.34 | 6.3 | 0.00 | | Mar 21, 2026 | A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The… |
| CVE-2020-18456 | | Medium | 0.31 | 4.8 | 0.01 | | Aug 12, 2021 | Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. |
| CVE-2020-20363 | | Medium | 0.31 | 4.8 | 0.01 | | Jul 8, 2021 | Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php. |
| CVE-2020-21003 | | Medium | 0.31 | 4.8 | 0.00 | | Jun 3, 2021 | Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php. |
| CVE-2019-17417 | | Medium | 0.31 | 4.8 | 0.01 | | Oct 10, 2019 | PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. |
| CVE-2026-36239 | | Medium | 0.28 | 4.3 | 0.00 | | May 26, 2026 | PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality |
| CVE-2025-15153 | | Low | 0.24 | 3.7 | 0.00 | | Dec 28, 2025 | A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of… |
| CVE-2026-4510 | | Medium | 0.21 | 4.3 | 0.00 | | Mar 21, 2026 | A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation… |
| CVE-2024-1018 | | Low | 0.16 | 2.4 | 0.01 | | Jan 29, 2024 | A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.… |
| CVE-2025-15154 | | | 0.00 | — | 0.00 | | Dec 28, 2025 | A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The… |
| CVE-2025-46109 | | | 0.00 | — | 0.00 | | Jun 18, 2025 | SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request |
| CVE-2025-3787 | | | 0.00 | — | 0.00 | | Apr 18, 2025 | A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed… |
| CVE-2025-29389 | | | 0.00 | — | 0.00 | | Apr 9, 2025 | PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2. |
| CVE-2020-19248 | | | 0.00 | — | 0.00 | | Feb 21, 2025 | SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse… |
| CVE-2024-12793 | | | 0.00 | — | 0.00 | | Dec 19, 2024 | A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may… |
| CVE-2024-12789 | | | 0.00 | — | 0.01 | | Dec 19, 2024 | A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely.… |
| CVE-2024-42930 | | | 0.00 | — | 0.00 | | Oct 28, 2024 | PbootCMS 3.2.8 is vulnerable to URL Redirect. |