392 matches found
CVE-2018-19893
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string...
CVE-2018-19893
CVE-2018-19893 concerns a SQL injection in PbootCMS 1.2.1. The vulnerability is in SearchController.php, exploitable via the index.php/Search/index.html query string. Attackers can trigger SQL injection remotely through the Search feature. Some connected sources also describe the issue as allowin...
PbootCMS SQL Injection Vulnerability (CNVD-2018-26780)
PbootCMS is an open source content management system (CMS) for building enterprise websites, developed in PHP. A SQL injection vulnerability exists in the SearchController.php file in PbootCMS version 1.2.1, which can be exploited by remote attackers to obtain the admin account name and password ...
PbootCMS V1.3.3 Code Execution Vulnerability in Frontend
PbootCMS is an open source free PHP enterprise website development and construction management system developed by Avantech. A front-end code execution vulnerability exists in PbootCMS V1.3.3. The vulnerability is caused by failure to filter parameters. An attacker can exploit this...
PbootCMS Code Execution Vulnerability
PbootCMS is an open source content management system (CMS) for building enterprise websites, developed in PHP. A security vulnerability exists in PbootCMS version V1.3.1 build 2018-11-14, which stems from the program failing to use the correct protection mechanism. A remote attacker can exploit t...
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...
Code injection
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 is vulnerable to remote code execution via an eval-based input in the web layer. The issue stems from an insufficient protection mechanism in apps/home/controller/ParserController.php (parserIfLabel), which allows an attacker to inject and execute code through a c...
CVE-2018-19053
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code...
Code injection
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code...
CVE-2018-19053
CVE-2018-19053 affects PbootCMS 1.2.2, where a remote attacker can achieve arbitrary PHP code execution by manipulating a .php filename in a SET GLOBAL general_log_file statement, followed by a SELECT containing the code. The root cause is the combination of allowing an external input to specify ...
PbootCMS Arbitrary PHP Code Execution Vulnerability
PbootCMS is a new core open source enterprise building system developed by Avantech. An arbitrary PHP code execution vulnerability exists in PbootCMS 1.2.2. A remote attacker can exploit this vulnerability by specifying a .php file name in the "SET GLOBAL general_log_file" statement and a subsequen...
PbootCMS Database Backup File Has Information Leakage Vulnerability
PbootCMS is a new core open source enterprise building system developed by Avantech. There is an information leakage vulnerability in the database backup file of PbootCMS. Attackers can use the vulnerability to obtain sensitive information...
PbootCMS SQL Injection Vulnerability (CNVD-2018-21503)
PbootCMS is an open source content management system (CMS) for building enterprise websites, developed in PHP. A SQL injection vulnerability exists in the apps\admin\controller\content\SingleController.php file in PbootCMS version 1.2.2-20181012. A remote attacker can exploit this vulnerability t...
CVE-2018-18450
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI...