Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37497 | 1 Pbootcms | 1 Pbootcms | 2023-02-09 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. | |||||
| CVE-2022-32417 | 1 Pbootcms | 1 Pbootcms | 2022-07-18 | 7.5 HIGH | 9.8 CRITICAL |
| PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. | |||||
| CVE-2020-20971 | 1 Pbootcms | 1 Pbootcms | 2022-06-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. | |||||
| CVE-2020-18456 | 1 Pbootcms | 1 Pbootcms | 2021-08-16 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. | |||||
| CVE-2020-23580 | 1 Pbootcms | 1 Pbootcms | 2021-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board. | |||||
| CVE-2020-22535 | 1 Pbootcms | 1 Pbootcms | 2021-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | |||||
| CVE-2020-20363 | 1 Pbootcms | 1 Pbootcms | 2021-07-12 | 3.5 LOW | 4.8 MEDIUM |
| Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php. | |||||
| CVE-2020-21003 | 1 Pbootcms | 1 Pbootcms | 2021-06-10 | 3.5 LOW | 4.8 MEDIUM |
| Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php. | |||||
| CVE-2021-28245 | 1 Pbootcms | 1 Pbootcms | 2021-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account. | |||||
| CVE-2020-17901 | 1 Pbootcms | 1 Pbootcms | 2020-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | |||||
| CVE-2018-16356 | 1 Pbootcms | 1 Pbootcms | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. | |||||
| CVE-2018-16357 | 1 Pbootcms | 1 Pbootcms | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. | |||||
| CVE-2019-17417 | 1 Pbootcms | 1 Pbootcms | 2019-10-11 | 3.5 LOW | 4.8 MEDIUM |
| PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | |||||
| CVE-2018-19595 | 1 Pbootcms | 1 Pbootcms | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | |||||
| CVE-2018-18450 | 1 Pbootcms | 1 Pbootcms | 2019-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. | |||||
| CVE-2019-8422 | 1 Pbootcms | 1 Pbootcms | 2019-02-19 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | |||||
| CVE-2019-7570 | 1 Pbootcms | 1 Pbootcms | 2019-02-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | |||||
| CVE-2018-19893 | 1 Pbootcms | 1 Pbootcms | 2018-12-26 | 7.5 HIGH | 9.8 CRITICAL |
| SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. | |||||
| CVE-2018-19053 | 1 Pbootcms | 1 Pbootcms | 2018-12-12 | 6.5 MEDIUM | 7.2 HIGH |
| PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | |||||
| CVE-2018-18211 | 1 Pbootcms | 1 Pbootcms | 2018-11-26 | 6.8 MEDIUM | 8.1 HIGH |
| PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. | |||||