Vulnerabilities (CVE)

Vendor filter

Pbootcms Subscribe


12 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17417 1 Pbootcms 1 Pbootcms 2019-10-11 3.5
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVE-2018-19595 1 Pbootcms 1 Pbootcms 2019-04-17 7.5
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect...
CVE-2018-18450 1 Pbootcms 1 Pbootcms 2019-03-07 7.5
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
CVE-2019-8422 1 Pbootcms 1 Pbootcms 2019-02-19 6.5
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVE-2019-7570 1 Pbootcms 1 Pbootcms 2019-02-07 5.8
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
CVE-2018-19893 1 Pbootcms 1 Pbootcms 2018-12-26 7.5
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
CVE-2018-19053 1 Pbootcms 1 Pbootcms 2018-12-12 6.5
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.
CVE-2018-18211 1 Pbootcms 1 Pbootcms 2018-11-26 6.8
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
CVE-2018-11369 1 Pbootcms 1 Pbootcms 2018-06-22 7.5
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
CVE-2018-11018 1 Pbootcms 1 Pbootcms 2018-06-18 6.8
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
CVE-2018-10133 1 Pbootcms 1 Pbootcms 2018-05-22 7.5
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
CVE-2018-10132 1 Pbootcms 1 Pbootcms 2018-05-22 6.8
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.