Lucene search

K

Pbootcms Security Vulnerabilities

cve
cve

CVE-2024-1018

A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been.....

6.1CVSS

6AI Score

0.001EPSS

2024-01-29 08:15 PM
13
cve
cve

CVE-2023-50082

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management...

7.5CVSS

7.5AI Score

0.007EPSS

2024-01-04 08:15 AM
20
cve
cve

CVE-2023-39834

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via...

9.8CVSS

9.7AI Score

0.003EPSS

2023-08-24 06:15 PM
87
cve
cve

CVE-2021-37497

SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET...

9.8CVSS

9.8AI Score

0.001EPSS

2023-02-03 06:15 PM
24
cve
cve

CVE-2018-10133

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in...

9.8CVSS

9.6AI Score

0.007EPSS

2022-10-03 04:22 PM
20
cve
cve

CVE-2018-10132

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent...

8.8CVSS

8.9AI Score

0.001EPSS

2022-10-03 04:22 PM
27
cve
cve

CVE-2018-11369

An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode...

9.8CVSS

9.6AI Score

0.002EPSS

2022-10-03 04:21 PM
19
cve
cve

CVE-2022-32417

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at...

9.8CVSS

9.9AI Score

0.526EPSS

2022-07-14 10:15 PM
171
8
cve
cve

CVE-2020-20971

Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via...

8.8CVSS

8.7AI Score

0.001EPSS

2022-06-02 02:15 PM
13
4
cve
cve

CVE-2020-18456

Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in...

4.8CVSS

4.9AI Score

0.001EPSS

2021-08-12 06:15 PM
21
cve
cve

CVE-2020-22535

Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in...

6.5CVSS

6.5AI Score

0.001EPSS

2021-07-09 04:15 PM
26
3
cve
cve

CVE-2020-23580

Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message...

9.8CVSS

9.6AI Score

0.007EPSS

2021-07-08 07:15 PM
45
10
cve
cve

CVE-2020-20363

Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in...

4.8CVSS

4.9AI Score

0.001EPSS

2021-07-08 06:15 PM
39
2
cve
cve

CVE-2020-21003

Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via...

4.8CVSS

4.9AI Score

0.001EPSS

2021-06-03 02:15 PM
18
cve
cve

CVE-2021-28245

PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin...

7.5CVSS

7.6AI Score

0.002EPSS

2021-03-31 02:15 PM
19
cve
cve

CVE-2020-17901

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a...

6.5CVSS

6.6AI Score

0.001EPSS

2020-11-30 07:15 PM
24
cve
cve

CVE-2018-16357

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order...

9.8CVSS

9.7AI Score

0.002EPSS

2020-03-02 08:15 PM
35
cve
cve

CVE-2018-16356

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order...

9.8CVSS

9.7AI Score

0.002EPSS

2020-03-02 08:15 PM
20
cve
cve

CVE-2019-17417

PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/...

4.8CVSS

4.7AI Score

0.001EPSS

2019-10-10 01:06 AM
93
cve
cve

CVE-2019-8422

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in...

7.2CVSS

7.4AI Score

0.001EPSS

2019-02-17 10:29 PM
18
cve
cve

CVE-2019-7570

A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/...

6.5CVSS

6.5AI Score

0.001EPSS

2019-02-07 07:29 AM
16
cve
cve

CVE-2018-19893

SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query...

9.8CVSS

9.8AI Score

0.002EPSS

2018-12-06 03:29 AM
20
cve
cve

CVE-2018-19595

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php...

9.8CVSS

9.7AI Score

0.04EPSS

2018-11-27 07:29 AM
22
cve
cve

CVE-2018-19053

PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP...

7.2CVSS

7.4AI Score

0.004EPSS

2018-11-07 05:29 AM
24
cve
cve

CVE-2018-18450

apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3...

9.8CVSS

9.5AI Score

0.002EPSS

2018-10-17 10:29 PM
21
cve
cve

CVE-2018-18211

PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1...

8.1CVSS

8.4AI Score

0.002EPSS

2018-10-10 04:29 PM
18
cve
cve

CVE-2018-11018

An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via...

8.8CVSS

8.7AI Score

0.002EPSS

2018-05-13 10:29 PM
19