Latest pbootcms pbootcms Vulnerabilities

CVE-2023-50082
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend ma...
Pbootcms Pbootcms=3.1.2
CVE-2023-39834
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.
Pbootcms Pbootcms<3.2.0
CVE-2021-37497
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request.
Pbootcms Pbootcms=3.0.5
CVE-2022-32417
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
Pbootcms Pbootcms=3.1.2
CVE-2020-20971
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
Pbootcms Pbootcms=2.0.3
CVE-2020-18456
Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.
Pbootcms Pbootcms=1.3.7
CVE-2020-22535
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.
Pbootcms Pbootcms=2.0.6
CVE-2020-23580
Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.
Pbootcms Pbootcms=2.0.8
CVE-2020-20363
Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
Pbootcms Pbootcms=2.0.3
CVE-2020-21003
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
Pbootcms Pbootcms=2.0.3
CVE-2021-28245
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
Pbootcms Pbootcms=3.0.4
CVE-2018-16357
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
Pbootcms Pbootcms
CVE-2018-16356
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
Pbootcms Pbootcms
CVE-2019-17417
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
Pbootcms Pbootcms=2.0.2
CVE-2019-8422
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
Pbootcms Pbootcms=1.3.2
CVE-2019-7570
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
Pbootcms Pbootcms=1.3.6
CVE-2018-19893
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
Pbootcms Pbootcms=1.2.1
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot...
Pbootcms Pbootcms=1.3.1
CVE-2018-18450
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
Pbootcms Pbootcms<1.3.0
CVE-2018-18211
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
Pbootcms Pbootcms=1.2.1
CVE-2018-11369
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
Pbootcms Pbootcms=1.0.9
CVE-2018-11018
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via...
Pbootcms Pbootcms=1.0.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203