Vulnerabilities > Pbootcms

DATE | CVE | VULNERABILITY TITLE | RISK

2021-06-03 | CVE-2020-21003 | Cross-site Scripting vulnerability in Pbootcms 2.0.3 | 3.5
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
network, pbootcms, CWE-79

2021-03-31 | CVE-2021-28245 | SQL Injection vulnerability in Pbootcms 3.0.4 | 5.0
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
network, low complexity, pbootcms, CWE-89

2020-11-30 | CVE-2020-17901 | Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.2 | 4.3
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
network, pbootcms, CWE-352

2020-03-02 | CVE-2018-16357 | SQL Injection vulnerability in Pbootcms | 7.5
An issue was discovered in PbootCMS.
network, low complexity, pbootcms, CWE-89

2020-03-02 | CVE-2018-16356 | SQL Injection vulnerability in Pbootcms | 7.5
An issue was discovered in PbootCMS.
network, low complexity, pbootcms, CWE-89

2019-10-10 | CVE-2019-17417 | Cross-site Scripting vulnerability in Pbootcms 2.0.2 | 3.5
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
network, pbootcms, CWE-79

2019-02-17 | CVE-2019-8422 | SQL Injection vulnerability in Pbootcms 1.3.2 | 6.5
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
network, low complexity, pbootcms, CWE-89

2019-02-07 | CVE-2019-7570 | Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.6 | 5.8
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
network, pbootcms, CWE-352

2018-12-06 | CVE-2018-19893 | SQL Injection vulnerability in Pbootcms 1.2.1 | 7.5
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
network, low complexity, pbootcms, CWE-89

2018-11-27 | CVE-2018-19595 | Code Injection vulnerability in Pbootcms 1.3.1 | 7.5
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
network, low complexity, pbootcms, CWE-94