Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Pbootcms Subscribe
Filtered by product Pbootcms

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39834 1 Pbootcms 1 Pbootcms 2023-08-29 N/A 9.8 CRITICAL
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.
CVE-2022-32417 1 Pbootcms 1 Pbootcms 2022-07-18 7.5 HIGH 9.8 CRITICAL
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
CVE-2018-16356 1 Pbootcms 1 Pbootcms 2020-03-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
CVE-2018-16357 1 Pbootcms 1 Pbootcms 2020-03-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
CVE-2018-19595 1 Pbootcms 1 Pbootcms 2019-04-17 7.5 HIGH 9.8 CRITICAL
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
CVE-2018-18450 1 Pbootcms 1 Pbootcms 2019-03-07 7.5 HIGH 9.8 CRITICAL
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
CVE-2018-19893 1 Pbootcms 1 Pbootcms 2018-12-26 7.5 HIGH 9.8 CRITICAL
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
CVE-2018-11369 1 Pbootcms 1 Pbootcms 2018-06-22 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
CVE-2018-10133 1 Pbootcms 1 Pbootcms 2018-05-22 7.5 HIGH 9.8 CRITICAL
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.