apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
References
Link | Resource |
---|---|
http://www.ttk7.cn/post-96.html | Exploit Third Party Advisory |
https://www.pbootcms.com/changelog.html | Product Vendor Advisory |
Configurations
Information
Published : 2018-10-17 15:29
Updated : 2019-03-07 07:49
NVD link : CVE-2018-18450
Mitre link : CVE-2018-18450
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
pbootcms
- pbootcms