Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pbootcms pbootcms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-10133
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
Pbootcms Pbootcms 0.9.8
9.8
CVSSv3
CVE-2021-37497
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote malicious users to run arbitrary SQL commands via crafted GET request.
Pbootcms Pbootcms 3.0.5
9.8
CVSSv3
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 allows remote malicious users to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\con...
Pbootcms Pbootcms 1.3.1
7.5
CVSSv3
CVE-2021-28245
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
Pbootcms Pbootcms 3.0.4
6.5
CVSSv3
CVE-2020-17901
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows malicious users to change the password of a user.
Pbootcms Pbootcms 1.3.2
8.8
CVSSv3
CVE-2018-11018
An issue exists in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote malicious users to add administrator accounts via admin.php/role/add.html.
Pbootcms Pbootcms 1.0.7
7.2
CVSSv3
CVE-2018-19053
PbootCMS 1.2.2 allows remote malicious users to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.
Pbootcms Pbootcms 1.2.2
6.5
CVSSv3
CVE-2019-7570
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
Pbootcms Pbootcms 1.3.6
4.8
CVSSv3
CVE-2019-17417
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
Pbootcms Pbootcms 2.0.2
9.8
CVSSv3
CVE-2018-19893
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
Pbootcms Pbootcms 1.2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »