36 matches found
CVE-2022-32417
PbootCMS v3.1.2 contains a remote code execution (RCE) vulnerability in parserIfLabel() within function.php, as identified for CVE-2022-32417. The affected software is PbootCMS (core version 3.1.2). Reported impact includes remote code execution with potential full host compromise; CVSS v3.1 vect...
CVE-2023-39834
CVE-2023-39834 affects PbootCMS prior to version 3.2.0. The vulnerability is a command injection via the create_function construct in PHP, with confirmed impact described across sources. Affected software: PbootCMS (PHP-based CMS); vulnerable component: create_function usage in versions before 3....
CVE-2019-17417
PbootCMS 2.0.2 is reported vulnerable to cross-site scripting (XSS) via routes such as Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/. The root cause is a reflected/stored XSS vector in these URIs that allows injection of malicious scripts within the context of authenticated or unaut...
CVE-2024-12789
PbootCMS versions up to 3.2.3 contain a code injection vulnerability in an unspecified portion of apps/home/controller/IndexController.php. The issue arises from improper handling of the tag parameter, enabling arbitrary code execution and remote exploitation. The vulnerability has been publicly ...
CVE-2025-3787
CVE-2025-3787 affects PbootCMS 3.2.5, specifically the Image Handler component. The weakness allows server-side request forgery via manipulation of the Image Handler, with remote exploitability and public disclosure noted across multiple sources. Reports describe an unknown function as the entry ...
CVE-2024-1018
CVE-2024-1018 affects PbootCMS 3.2.5-20230421. The vulnerability is an XSS in an unknown function of /admin.php?p=/Area/index#tab=t2 caused by manipulation of the name argument. It is exploitable remotely, and the public exploit has been disclosed (VDB-252288). Various sources reinforce that Pboo...
CVE-2020-23580
CVE-2020-23580 concerns a Remote Code Execution in PbootCMS 2.0.8, specifically via the message board function. The root cause described across connected sources is that the message board does not validate data, enabling an attacker to execute arbitrary code remotely. The vulnerability is treated...
CVE-2020-20363
CVE-2020-20363 is a Cross‑Site Scripting (XSS) vulnerability in PbootCMS 2.0.3, specifically affecting the admin.php page. The connected CNVD/CNNVD entries describe the root cause as improper validation of client-side data in admin.php, enabling injection of script code. Other sources (NVD, Red H...
CVE-2024-42930
PbootCMS 3.2.8 is affected by a URL redirect vulnerability. The CVE-2024-42930 entry identifies PbootCMS 3.2.8 as vulnerable to URL redirection. No exploit details or vectors are provided in the connected documents. Remediation information (e.g., patched version) is not included in the supplied c...
CVE-2021-37497
CVE-2021-37497 affects PbootCMS 3.0.5. The vulnerability is a SQL injection in a route that allows remote attackers to execute arbitrary SQL via a crafted GET request. Impact is described as high (C/H/I/H, CVSS 3.1 base 9.8; network access, no user interaction required). A patch is typically rele...
CVE-2025-29389
CVE-2025-29389 affects PbootCMS v3.2.9 with a cross-site scripting (XSS) vulnerability in the admin.php?p=/Content/index/mcode/2#tab=t2 endpoint. The connected sources consistently identify the issue as an XSS in that admin page path; no root-cause code snippet is provided beyond this. Exploitatio...
CVE-2018-16357
The CVE-2018-16357 entry concerns PbootCMS and a SQL injection vulnerability exposed through the api.php/Cms/search order parameter. The NVD entry documents a SQL injection path in PbootCMS, with CVSS v3.1 impact scores: {C:H, I:H, A:H} and a base score of 9.8 (CRITICAL) and CVSS v2 base score 7....
CVE-2020-19248
The CVE-2020-19248 entry describes a SQL Injection in PbootCMS 1.4.1 tied to template parsing of if statements, where a malicious user can contaminate template content by crafting page-contamination URLs that trigger eval-based template parsing. Affected software: PbootCMS 1.4.1 (PHP). Root cause...
CVE-2024-12793
PbootCMS up to 5.2.3 contains a path traversal vulnerability in the code path apps/home/controller/IndexController.php via manipulation of the tag parameter. The issue may be exploitable remotely and the public disclosure suggests an attacker could craft requests to reach restricted paths. Remedi...
CVE-2018-10132
CVE-2018-10132 affects PbootCMS v0.9.8. The vulnerability is described as a cross‑site request forgery (CSRF) in admin.php/Message/mod/id/19.html?backurl=/index.php that can cause PHP code injection in the recontent parameter. Connected sources consistently reference the same description. No conc...
CVE-2023-50082
CVE-2023-50082 affects Aoyun Technology pbootcms v3.1.2 and is caused by Incorrect Access Control, enabling session leakage that can expose sensitive information and allow a user to avoid logging into the backend management platform. The provided connected documents consistently describe the issu...
CVE-2020-17901
CVE-2020-17901 concerns a CSRF flaw in PbootCMS 1.3.2 that enables an attacker to change a user’s password. The Red Hat and CNVD/CVE mirrors corroborate the same description: a cross-site request forgery issue affecting PbootCMS 1.3.2. The available documents do not provide root-cause details, af...
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 is vulnerable to remote code execution via an eval-based input in the web layer. The issue stems from an insufficient protection mechanism in apps/home/controller/ParserController.php (parserIfLabel), which allows an attacker to inject and execute code through a c...
CVE-2020-22535
The CVE-2020-22535 entry affects PbootCMS 2.0.6. The vulnerability is an Incorrect Access Control issue triggered by the list parameter in the update function (upgradecontroller.php). Multiple connected records corroborate the same description across CVE catalogs (NVD, Red Hat, CNVD, CVE List, CNNV...
CVE-2021-28245
PbootCMS 3.0.4 contains a SQL injection vulnerability in index.php via the search parameter that can be exploited to add an administrator account and reveal sensitive information. This CVE (CVE-2021-28245) is documented across multiple feeds (NVD, Red Hat, CNVD, CVE lists) with consistent descrip...
CVE-2020-21003
CVE-2020-21003 affects Pbootcms v2.0.3 and is a cross-site scripting (XSS) vulnerability via admin.php. The connected documents confirm the affected product/version and that the issue is an XSS in the admin.php entry point; no further exploit details, impact scope, or remediation steps are provid...
CVE-2018-19053
CVE-2018-19053 affects PbootCMS 1.2.2, where a remote attacker can achieve arbitrary PHP code execution by manipulating a .php filename in a SET GLOBAL general_log_file statement, followed by a SELECT containing the code. The root cause is the combination of allowing an external input to specify ...
CVE-2018-16356
CVE-2018-16356 affects PbootCMS. The issue is a SQL injection in the API endpoint api.php/List/index via the order parameter, allowing injection through user-controllable input. The vulnerability is presented with an overall impact of high/critical (CVSS v3.1: 9.8, Network, Privileges None, Use...
CVE-2018-18450
PbootCMS is affected by CVE-2018-18450. The vulnerability resides in apps\admin\controller\content\SingleController.php and is present in PbootCMS prior to version 1.3.0 build 2018-11-12. It is a SQL Injection flaw exploitable via a crafted POST to the admin.php/Single/mod/mcode/1/id/3 URI, as de...
CVE-2018-19893
CVE-2018-19893 concerns a SQL injection in PbootCMS 1.2.1. The vulnerability is in SearchController.php, exploitable via the index.php/Search/index.html query string. Attackers can trigger SQL injection remotely through the Search feature. Some connected sources also describe the issue as allowin...
CVE-2019-8422
CVE-2019-8422 affects PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php, enabling SQL injection. Connected sources report a base CVSS v3.0 score of 7.2 (HIGH) with network attack vector, low attack complexity, and impacts to confidentiality, int...
CVE-2020-18456
CVE-2020-18456 affects PbootCMS v1.3.7, with a Cross Site Scripting (XSS) flaw exploitable via the title parameter in the mod function of SingleController.php. The root cause is improper handling of input in that function, allowing script injection that can affect users viewing crafted pages. Doc...
CVE-2018-11369
PbootCMS v1.0.9 is affected by CVE-2018-11369. The vulnerability is a SQL injection in the ParserController.php, triggered via the scode parameter under apps/home/controller. The underlying issue is unsafe handling of the scode input, enabling an attacker to retrieve data from the database. Docum...
CVE-2019-7570
CVE-2019-7570 applies to PbootCMS v1.3.6, describing a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to delete user accounts via the admin.php/User/del/ucode/ endpoint. The connected sources confirm the affected product/version and the targeted action, with no additional...
CVE-2018-10133
PbootCMS v0.9.8 is vulnerable to PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. Multiple sources (NVD, Red Hat, CNVD, CVE lists) describe the issue with a PHP code inje...
CVE-2018-11018
PbootCMS v1.0.7 contains a Cross‑Site Request Forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php that enables remote attackers to add administrator accounts via admin.php/role/add.html. Affected software: PbootCMS 1.0.7. Root cause: CSRF in role management workflow al...
CVE-2018-18211
PbootCMS 1.2.1 is affected by an SQL injection vulnerability. The issue occurs via HTTP POST data to the api.php/cms/addform?fcode=1 URI, enabling crafted input to influence SQL queries. This CVE is supported by multiple sources (NVD entry CVE-2018-18211 and related records) indicating a high-sev...
CVE-2020-20971
CVE-2020-20971 describes a CSRF vulnerability in PbootCMS v2.0.3, exploitable via /admin.php?p=/User/index. The CVSS 3.1 base score is 8.8 (HIGH) with network access, low attack complexity, no privileges required but user interaction required, and impacts on confidentiality, integrity, and availa...
CVE-2025-46109
CVE-2025-46109 affects pbootCMS versions 3.2.5 and 3.2.10, where uncleaned inputs enable SQL injection via a crafted GET request. Several connected sources (Red Hat, CNNVD, PT Security, OSV/NVD) corroborate a remote attacker can obtain sensitive information. The root cause is an input handling fl...
CVE-2025-15153
CVE-2025-15153 affects PbootCMS up to version 3.2.12, involving the SQLite Database component (file: /data/pbootcms.db). A misoperation in an unknown function within that file can permit remote manipulation that leads to access to files or directories. Exploitation is described as remotely execut...
CVE-2025-15154
CVE-2025-15154 affects PbootCMS (up to 3.2.12). The vulnerable component is Header Handler, function get_user_ip in core/function/handle.php, where manipulation of X-Forwarded-For causes the system to use a less trusted source. Attacks can be remote and public exploits are disclosed. Remediation:...