3 matches found
CVE-2024-6241
Pear Admin Boot up to 2.0.2 has a SQL injection in getDictItems (/system/dictData/getDictItems/). The attack is triggered by crafted input (,user(),1,1) and can be executed remotely. Exploit has been disclosed publicly. No remediation details are provided in the connected documents.
CVE-2023-30417
Pear-Admin-Boot (v2.0.2 and earlier) is affected by an XSS vulnerability that allows an attacker to inject arbitrary web scripts or HTML via the Title field of a private message. Affected component: Pear-Admin-Boot; root cause: improper sanitization/injection in the Title of private messages; imp...
CVE-2024-6266
Pear Admin Boot (up to version 2.0.2) is affected by a SQL injection in the /system/dictData/loadDictItem function caused by improper input handling. This enables remote exploitation, with public exploits disclosed. Remediation: upgrade to a version later than 2.0.2; as a temporary measure, consi...