Vulnerabilities > Pbootcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-03 | CVE-2020-21003 | Cross-site Scripting vulnerability in Pbootcms 2.0.3 Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php. | 3.5 |
2021-03-31 | CVE-2021-28245 | SQL Injection vulnerability in Pbootcms 3.0.4 PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account. | 5.0 |
2020-11-30 | CVE-2020-17901 | Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.2 Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | 4.3 |
2020-03-02 | CVE-2018-16357 | SQL Injection vulnerability in Pbootcms An issue was discovered in PbootCMS. | 7.5 |
2020-03-02 | CVE-2018-16356 | SQL Injection vulnerability in Pbootcms An issue was discovered in PbootCMS. | 7.5 |
2019-10-10 | CVE-2019-17417 | Cross-site Scripting vulnerability in Pbootcms 2.0.2 PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | 3.5 |
2019-02-17 | CVE-2019-8422 | SQL Injection vulnerability in Pbootcms 1.3.2 A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | 6.5 |
2019-02-07 | CVE-2019-7570 | Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.6 A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | 5.8 |
2018-12-06 | CVE-2018-19893 | SQL Injection vulnerability in Pbootcms 1.2.1 SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. | 7.5 |
2018-11-27 | CVE-2018-19595 | Code Injection vulnerability in Pbootcms 1.3.1 PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | 7.5 |