Pbootcms Security Vulnerabilities
A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been.....
6.1CVSS
6AI Score
0.001EPSS
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management...
7.5CVSS
7.5AI Score
0.007EPSS
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via...
9.8CVSS
9.7AI Score
0.003EPSS
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET...
9.8CVSS
9.8AI Score
0.001EPSS
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent...
8.8CVSS
8.9AI Score
0.001EPSS
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in...
9.8CVSS
9.6AI Score
0.007EPSS
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode...
9.8CVSS
9.6AI Score
0.002EPSS
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at...
9.8CVSS
9.9AI Score
0.526EPSS
8.8CVSS
8.7AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in...
4.8CVSS
4.9AI Score
0.001EPSS
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in...
6.5CVSS
6.5AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.007EPSS
4.8CVSS
4.9AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin...
7.5CVSS
7.6AI Score
0.002EPSS
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a...
6.5CVSS
6.6AI Score
0.001EPSS
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order...
9.8CVSS
9.7AI Score
0.002EPSS
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order...
9.8CVSS
9.7AI Score
0.002EPSS
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/...
4.8CVSS
4.7AI Score
0.001EPSS
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in...
7.2CVSS
7.4AI Score
0.001EPSS
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/...
6.5CVSS
6.5AI Score
0.001EPSS
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query...
9.8CVSS
9.8AI Score
0.002EPSS
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php...
9.8CVSS
9.7AI Score
0.04EPSS
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP...
7.2CVSS
7.4AI Score
0.004EPSS
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3...
9.8CVSS
9.5AI Score
0.002EPSS
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1...
8.1CVSS
8.4AI Score
0.002EPSS
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via...
8.8CVSS
8.7AI Score
0.002EPSS