Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Pbootcms Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50082 1 Pbootcms 1 Pbootcms 2024-01-10 N/A 7.5 HIGH
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform.
CVE-2020-20971 1 Pbootcms 1 Pbootcms 2022-06-10 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
CVE-2021-28245 1 Pbootcms 1 Pbootcms 2021-04-05 5.0 MEDIUM 7.5 HIGH
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
CVE-2019-8422 1 Pbootcms 1 Pbootcms 2019-02-19 6.5 MEDIUM 7.2 HIGH
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVE-2018-19053 1 Pbootcms 1 Pbootcms 2018-12-12 6.5 MEDIUM 7.2 HIGH
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.
CVE-2018-18211 1 Pbootcms 1 Pbootcms 2018-11-26 6.8 MEDIUM 8.1 HIGH
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
CVE-2018-11018 1 Pbootcms 1 Pbootcms 2018-06-18 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
CVE-2018-10132 1 Pbootcms 1 Pbootcms 2018-05-22 6.8 MEDIUM 8.8 HIGH
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.