Vulnerabilities > Pbootcms > Pbootcms > 0.9.8

DATE CVE VULNERABILITY TITLE RISK
2023-08-24 CVE-2023-39834 Command Injection vulnerability in Pbootcms
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.
network
low complexity
pbootcms CWE-77
critical
 9.8
9.8
2018-10-17 CVE-2018-18450 SQL Injection vulnerability in Pbootcms
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
network
low complexity
pbootcms CWE-89
7.5
7.5
2018-04-16 CVE-2018-10133 Code Injection vulnerability in Pbootcms 0.9.8
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
network
low complexity
pbootcms CWE-94
7.5
7.5
2018-04-16 CVE-2018-10132 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 0.9.8
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
network
pbootcms CWE-352
6.8
6.8