Vulnerabilities > Pbootcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-07 | CVE-2018-19053 | Code Injection vulnerability in Pbootcms 1.2.2 PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | 7.2 |
2018-10-17 | CVE-2018-18450 | SQL Injection vulnerability in Pbootcms apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. | 9.8 |
2018-10-10 | CVE-2018-18211 | SQL Injection vulnerability in Pbootcms 1.2.1 PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. | 8.1 |
2018-05-22 | CVE-2018-11369 | SQL Injection vulnerability in Pbootcms 1.0.9 An issue was discovered in PbootCMS v1.0.9. | 9.8 |
2018-05-13 | CVE-2018-11018 | Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.0.7 An issue was discovered in PbootCMS v1.0.7. | 8.8 |
2018-04-16 | CVE-2018-10133 | Code Injection vulnerability in Pbootcms 0.9.8 PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. | 9.8 |
2018-04-16 | CVE-2018-10132 | Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 0.9.8 PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. | 8.8 |