First published: Fri Feb 03 2023(Updated: )
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pbootcms Pbootcms | =3.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-37497 is critical (9.8).
CVE-2021-37497 allows remote attackers to run arbitrary SQL commands via crafted GET request in PbootCMS 3.0.5.
To fix CVE-2021-37497 in PbootCMS 3.0.5, it is recommended to apply the latest patch or upgrade to a patched version provided by the vendor.
CWE-89 is a vulnerability type called 'Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')'.
More information about CVE-2021-37497 can be found at the following references: [GitHub Issue](https://github.com/penson233/Vuln/issues/3), [Vendor Website](https://www.pbootcms.com/).