Vulnerabilities > Pbootcms > Pbootcms > 1.3.2

DATE CVE VULNERABILITY TITLE RISK
2023-08-24 CVE-2023-39834 Command Injection vulnerability in Pbootcms
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.
network
low complexity
pbootcms CWE-77
critical
 9.8
9.8
2020-11-30 CVE-2020-17901 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.2
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
network
pbootcms CWE-352
4.3
4.3
2019-02-17 CVE-2019-8422 SQL Injection vulnerability in Pbootcms 1.3.2
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
network
low complexity
pbootcms CWE-89
6.5
6.5