Vulnerabilities > Pbootcms

DATE CVE VULNERABILITY TITLE RISK
2018-11-07 CVE-2018-19053 Code Injection vulnerability in Pbootcms 1.2.2
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.
network
low complexity
pbootcms CWE-94
7.2
2018-10-17 CVE-2018-18450 SQL Injection vulnerability in Pbootcms
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
network
low complexity
pbootcms CWE-89
critical
9.8
2018-10-10 CVE-2018-18211 SQL Injection vulnerability in Pbootcms 1.2.1
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
network
high complexity
pbootcms CWE-89
8.1
2018-05-22 CVE-2018-11369 SQL Injection vulnerability in Pbootcms 1.0.9
An issue was discovered in PbootCMS v1.0.9.
network
low complexity
pbootcms CWE-89
critical
9.8
2018-05-13 CVE-2018-11018 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.0.7
An issue was discovered in PbootCMS v1.0.7.
network
low complexity
pbootcms CWE-352
8.8
2018-04-16 CVE-2018-10133 Code Injection vulnerability in Pbootcms 0.9.8
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
network
low complexity
pbootcms CWE-94
critical
9.8
2018-04-16 CVE-2018-10132 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 0.9.8
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
network
low complexity
pbootcms CWE-352
8.8