SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
my-cve my cve listed here CVE-2018-19893 cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2018-19893