Pbootcms: >> Pbootcms Security Vulnerabilities
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-03-02
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-03-02
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-10-10
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-02-17
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-07
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-12-06
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
CVSS Score
9.8
EPSS Score
0.051
Published
2018-11-27
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.
CVSS Score
7.2
EPSS Score
0.009
Published
2018-11-07
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-10-17
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-10-10