
29 matches found

RedhatCVE
added 2026/03/26 3:14 p.m. | 1 views

CVE-2026-4510

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

5.3 CVSS | 4.3 AI score | 0.00042 EPSS
Exploits 0 | References 1
EUVD
added 2026/03/21 9:31 a.m. | 2 views

EUVD-2026-14242

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

5.3 CVSS | 4.2 AI score | 0.00042 EPSS
Exploits 0 | References 5
Vulnrichment
added 2026/03/21 7:2 a.m. | 1 views

CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

5.3 CVSS | 4.2 AI score | 0.00042 EPSS
Exploits 0 | References 4
Cvelist
added 2026/03/21 7:2 a.m. | 26 views

CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

5.3 CVSS | 0.00042 EPSS
Exploits 0 | References 4
EUVD
added 2026/03/21 12:31 a.m. | 0 views

EUVD-2026-13931

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

7.5 CVSS | 6.8 AI score | 0.00042 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/03/21 12:0 a.m. | 1 views

PT-2026-26883

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

5.3 CVSS | 4.3 AI score | 0.00042 EPSS
Exploits 0 | References 5
CNNVD
added 2026/03/21 12:0 a.m. | 2 views

PbootCMS code injection vulnerability

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the backurl parameter in the alertlocation function within the...

5.3 CVSS | 5.7 AI score | 0.00042 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/03/20 10:32 p.m. | 1 views

CVE-2026-4508

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

7.5 CVSS | 6.8 AI score | 0.00042 EPSS
Exploits 0 | References 4
CVE
added 2026/03/20 10:32 p.m. | 1 views

CVE-2026-4508

CVE-2026-4508 affects PbootCMS up to version 3.2.12. The vulnerability resides in the Member Login flow, specifically the function checkUsername in apps/home/controller/MemberController.php, where manipulation of the Username argument leads to a SQL injection. The issue can be triggered remotely;...

7.5 CVSS | 6.8 AI score | 0.00042 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/02/23 1:20 a.m. | 4 views

CVE-2026-2895

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

8.1 CVSS | 4.3 AI score | 0.00128 EPSS
Exploits 1 | References 1
EUVD
added 2025/12/25 9:30 p.m. | 4 views

EUVD-2025-205389

A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper...

5.3 CVSS | 6.1 AI score | 0.00024 EPSS
Exploits 0 | References 5
Vulnrichment
added 2025/12/25 8:32 p.m. | 2 views

CVE-2025-15086 youlaitech youlai-mall MemberController.java getMemberByMobile access control

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated...

5.3 CVSS | 4.7 AI score | 0.00023 EPSS
Exploits 1 | References 4
Cvelist
added 2025/12/25 8:32 p.m. | 16 views

CVE-2025-15086 youlaitech youlai-mall MemberController.java getMemberByMobile access control

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated...

5.3 CVSS | 0.00023 EPSS
Exploits 1 | References 4
CVE
added 2025/12/25 8:32 p.m. | 6 views

CVE-2025-15086

CVE-2025-15086 affects youlaitech youlai-mall versions 1.0.0–2.0.0. The vulnerability is in the getMemberByMobile function of mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java, causing improper access controls. The issue can be exploited remotely and the exp...

5.3 CVSS | 6.3 AI score | 0.00023 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2025/12/25 8:15 p.m. | 0 views

CVE-2025-15085

A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper...

8.1 CVSS | 5.4 AI score | 0.00024 EPSS
Exploits 0 | References 4
NVD
added 2025/12/25 8:15 p.m. | 4 views

CVE-2025-15085

A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper...

8.1 CVSS | 0.00024 EPSS
Exploits 0 | References 4
CVE
added 2025/12/25 7:32 p.m. | 6 views

CVE-2025-15085

CVE-2025-15085 affects youlaitech youlai-mall versions 1.0.0–2.0.0 in the Balance Handler component. The issue resides in the function deductBalance inside mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java, causing improper authorization. The description st...

8.1 CVSS | 6.3 AI score | 0.00024 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2025/12/25 12:0 a.m. | 2 views

youlai-mall authorization issue vulnerability

youlai-mall is a full-stack mall system by youlaitech open source. Authorization issue vulnerability exists in youlai-mall version 1.0.0 and 2.0.0, which stems from the Balance Handler component file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/ The function deductBalance in...

8.1 CVSS | 4.9 AI score | 0.00024 EPSS
Exploits 0 | References 5
CNNVD
added 2025/12/25 12:0 a.m. | 1 views

youlai-mall access control error vulnerability

youlai-mall is a full-stack mall system by youlaitech open source. An access control error vulnerability exists in youlai-mall version 1.0.0 and 2.0.0, which originates from the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController. The function getMemberByMobil...

5.3 CVSS | 4.9 AI score | 0.00023 EPSS
Exploits 1 | References 5
Positive Technologies
added 2025/12/25 12:0 a.m. | 3 views

PT-2025-53408

Name of the Vulnerable Software and Affected Versions youlaitech youlai-mall versions 1.0.0 through 2.0.0 Description A security flaw exists in youlaitech youlai-mall. The issue involves improper authorization within the Balance Handler component. Specifically, the deductBalance function, located...

8.1 CVSS | 6.3 AI score | 0.00024 EPSS
Exploits 0 | References 11