Pbootcms: >> Pbootcms Security Vulnerabilities
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-05-22
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-05-13
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-04-16
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-04-16
Page 4