Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Pbootcms Subscribe
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11369 1 Pbootcms 1 Pbootcms 2018-06-22 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
CVE-2018-11018 1 Pbootcms 1 Pbootcms 2018-06-18 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
CVE-2018-10133 1 Pbootcms 1 Pbootcms 2018-05-22 7.5 HIGH 9.8 CRITICAL
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
CVE-2018-10132 1 Pbootcms 1 Pbootcms 2018-05-22 6.8 MEDIUM 8.8 HIGH
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.