Pbootcms: >> Pbootcms Security Vulnerabilities
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-03-31
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-11-30
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-03-02
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-03-02
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-10-10
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-02-17
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-07
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-12-06
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
CVSS Score
9.8
EPSS Score
0.049
Published
2018-11-27
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.
CVSS Score
7.2
EPSS Score
0.009
Published
2018-11-07