RSS   Vulnerabilities for 'Pbootcms'   RSS

2021-03-31
 
CVE-2021-28245

CWE-89
 

 
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.

 
2020-11-30
 
CVE-2020-17901

CWE-352
 

 
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

 
2020-03-02
 
CVE-2018-16357

CWE-89
 

 
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.

 
 
CVE-2018-16356

CWE-89
 

 
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.

 
2019-10-09
 
CVE-2019-17417

CWE-79
 

 
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.

 
2019-02-17
 
CVE-2019-8422

CWE-89
 

 
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.

 
2019-02-07
 
CVE-2019-7570

CWE-352
 

 
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.

 
2018-12-05
 
CVE-2018-19893

CWE-89
 

 
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.

 
2018-11-27
 
CVE-2018-19595

CWE-94
 

 
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.

 
2018-11-07
 
CVE-2018-19053

CWE-94
 

 
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.

 


Copyright 2021, cxsecurity.com

 

Back to Top