Vulnerabilities > Pbootcms

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-03	CVE-2020-21003	Cross-site Scripting vulnerability in Pbootcms 2.0.3 Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php. network low complexity pbootcms CWE-79	4.8
2021-03-31	CVE-2021-28245	SQL Injection vulnerability in Pbootcms 3.0.4 PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account. network low complexity pbootcms CWE-89	7.5
2020-11-30	CVE-2020-17901	Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.2 Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. network low complexity pbootcms CWE-352	6.5
2020-03-02	CVE-2018-16357	SQL Injection vulnerability in Pbootcms An issue was discovered in PbootCMS. network low complexity pbootcms CWE-89 critical	9.8
2020-03-02	CVE-2018-16356	SQL Injection vulnerability in Pbootcms An issue was discovered in PbootCMS. network low complexity pbootcms CWE-89 critical	9.8
2019-10-10	CVE-2019-17417	Cross-site Scripting vulnerability in Pbootcms 2.0.2 PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. network low complexity pbootcms CWE-79	4.8
2019-02-17	CVE-2019-8422	SQL Injection vulnerability in Pbootcms 1.3.2 A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. network low complexity pbootcms CWE-89	7.2
2019-02-07	CVE-2019-7570	Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.6 A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. network low complexity pbootcms CWE-352	6.5
2018-12-06	CVE-2018-19893	SQL Injection vulnerability in Pbootcms 1.2.1 SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. network low complexity pbootcms CWE-89 critical	9.8
2018-11-27	CVE-2018-19595	Code Injection vulnerability in Pbootcms 1.3.1 PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. network low complexity pbootcms CWE-94 critical	9.8

Vulnerabilities > Pbootcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pbootcms"}]}

Vulnerabilities > Pbootcms