
386 matches found

Vulnrichment
added 2026/03/20 10:32 p.m. | 0 views

CVE-2026-4508 PbootCMS Member Login MemberController.php checkUsername sql injection

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

CVSS 7.5 | AI score 5.6 | EPSS 0.00042
Exploits: 0 | References: 4

CVE
added 2026/03/20 10:32 p.m. | 6 views

CVE-2026-4508

CVE-2026-4508 affects PbootCMS up to version 3.2.12. The vulnerability resides in the Member Login flow, specifically the function checkUsername in apps/home/controller/MemberController.php, where manipulation of the Username argument leads to a SQL injection. The issue can be triggered remotely;...

CVSS 7.5 | AI score 6.8 | EPSS 0.00042
Exploits: 0 | References: 4

Cvelist
added 2026/03/20 10:32 p.m. | 24 views

CVE-2026-4508 PbootCMS Member Login MemberController.php checkUsername sql injection

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

CVSS 7.5 | EPSS 0.00042
Exploits: 0 | References: 4

CNNVD
added 2026/03/20 12:0 a.m. | 2 views

PbootCMS SQL Injection Vulnerability

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter Username in the checkUsername function within the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00042
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/20 12:0 a.m. | 1 views

PT-2026-26690

Name of the Vulnerable Software and Affected Versions: PbootCMS versions prior to 3.2.12. Description: A flaw exists in PbootCMS up to version 3.2.12 related to the manipulation of the Username argument within the checkUsername function located in the file apps/home/controller/MemberController.php o...

CVSS 7.5 | AI score 7 | EPSS 0.00042
Exploits: 0 | References: 7

RedhatCVE
added 2026/01/09 12:37 p.m. | 7 views

CVE-2023-50082

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform...

CVSS 7.5 | AI score 6.9 | EPSS 0.00076
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:19 p.m. | 3 views

CVE-2018-10133

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php...

CVSS 9.8 | AI score 7.5 | EPSS 0.00397
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:25 a.m. | 6 views

CVE-2021-28245

PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account...

CVSS 7.5 | AI score 7.5 | EPSS 0.00238
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:54 a.m. | 5 views

CVE-2020-23580

Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board...

CVSS 9.8 | AI score 7.6 | EPSS 0.02228
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:48 a.m. | 5 views

CVE-2020-17901

Cross-site request forgery CSRF in PbootCMS 1.3.2 allows attackers to change the password of a user...

CVSS 6.5 | AI score 7.2 | EPSS 0.00161
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/29 9:3 p.m. | 7 views

CVE-2025-15153

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

CVSS 6.3 | AI score 4.3 | EPSS 0.00049
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/29 9:3 p.m. | 7 views

CVE-2025-15154

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

CVSS 6.9 | AI score 5.3 | EPSS 0.00055
Exploits: 1 | References: 1

EUVD
added 2025/12/28 9:30 p.m. | 2 views

EUVD-2025-205526

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

CVSS 6.3 | AI score 6.2 | EPSS 0.00049
Exploits: 1 | References: 5

OSV
added 2025/12/28 9:15 p.m. | 3 views

CVE-2025-15153

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

CVSS 5.9 | AI score 4.3
Exploits: 0 | References: 4

NVD
added 2025/12/28 9:15 p.m. | 2 views

CVE-2025-15154

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

CVSS 6.9 | EPSS 0.00055
Exploits: 1 | References: 4

OSV
added 2025/12/28 9:15 p.m. | 2 views

CVE-2025-15154

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

CVSS 6.9 | AI score 6.8
Exploits: 0 | References: 4

NVD
added 2025/12/28 9:15 p.m. | 1 views

CVE-2025-15153

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

CVSS 6.3 | EPSS 0.00049
Exploits: 1 | References: 4

Vulnrichment
added 2025/12/28 9:2 p.m. | 1 views

CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

CVSS 6.9 | AI score 5.4 | EPSS 0.00055
Exploits: 1 | References: 4

Cvelist
added 2025/12/28 9:2 p.m. | 16 views

CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

CVSS 6.9 | EPSS 0.00055
Exploits: 1 | References: 4

CVE
added 2025/12/28 9:2 p.m. | 10 views

CVE-2025-15154

CVE-2025-15154 affects PbootCMS (up to 3.2.12). The vulnerable component is Header Handler, function get_user_ip in core/function/handle.php, where manipulation of X-Forwarded-For causes the system to use a less trusted source. Attacks can be remote and public exploits are disclosed. Remediation:...

CVSS 6.9 | AI score 6.5 | EPSS 0.00055
Exploits: 1 | References: 4 | Affected Software: 1