EUVD-2026-14242

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

CVE-2026-4510

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

CVE-2026-4510

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

CVE-2026-4510

CVE-2026-4510 affects PbootCMS up to 3.2.12. The flaw exists in the Parameter Handler’s function alert_location within apps/home/controller/MemberController.php, where manipulating the backurl argument enables cross-site scripting. Remote exploitation is possible and an exploit has been made publ...

CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

EUVD-2026-14239

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

CVE-2026-4509

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

CVE-2026-4509 PbootCMS File Upload file.php incomplete blacklist

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

CVE-2026-4509 PbootCMS File Upload file.php incomplete blacklist

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

CVE-2026-4509

The CVE-2026-4509 entry concerns PbootCMS versions up to 3.2.12, affecting the File Upload component. The flaw is tied to an incomplete blacklist in the handling of an argument within core/function/file.php, enabling a potential remote attack. The public exploit is noted in the sources. Affected ...

EUVD-2026-13931

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

PT-2026-26881

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

PT-2026-26883

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

PT-2026-26887

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...

PbootCMS 访问控制错误漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier contain a security vulnerability related to access control. This vulnerability stems from an unknown function in the Backend component file...

PbootCMS 安全漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. PbootCMS versions 3.2.12 and earlier have security vulnerabilities. These vulnerabilities stem from incorrect handling of the 'black' parameter in the File Upload component’s code, located in...

PbootCMS 代码注入漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the backurl parameter in the alertlocation function within the...

CVE-2026-4508

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

CVE-2026-4508

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...