2 matches found
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 is vulnerable to remote code execution via an eval-based input in the web layer. The issue stems from an insufficient protection mechanism in apps/home/controller/ParserController.php (parserIfLabel), which allows an attacker to inject and execute code through a c...