Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pbootcms pbootcms - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-32417
PbootCMS v3.1.2 exists to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
Pbootcms Pbootcms 3.1.2
6.8
CVSSv2
CVE-2018-10132
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
Pbootcms Pbootcms 0.9.8
4
CVSSv2
CVE-2020-22535
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.
Pbootcms Pbootcms 2.0.6
7.5
CVSSv2
CVE-2018-19893
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
Pbootcms Pbootcms 1.2.1
6.5
CVSSv2
CVE-2019-8422
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
Pbootcms Pbootcms 1.3.2
3.5
CVSSv2
CVE-2019-17417
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
Pbootcms Pbootcms 2.0.2
NA
CVE-2024-1018
A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The...
Pbootcms Pbootcms 3.2.5
7.5
CVSSv2
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 allows remote malicious users to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\con...
Pbootcms Pbootcms 1.3.1
6.8
CVSSv2
CVE-2018-11018
An issue exists in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote malicious users to add administrator accounts via admin.php/role/add.html.
Pbootcms Pbootcms 1.0.7
NA
CVE-2021-37497
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote malicious users to run arbitrary SQL commands via crafted GET request.
Pbootcms Pbootcms 3.0.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »