Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19893 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. | |||||
| CVE-2019-7570 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | |||||
| CVE-2018-19053 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | |||||
| CVE-2018-10133 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. | |||||
| CVE-2018-11369 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter. | |||||
| CVE-2018-11018 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. | |||||
| CVE-2018-10132 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. | |||||