Vulnerabilities > Pbootcms > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-19 CVE-2024-12789 Code Injection vulnerability in Pbootcms
A vulnerability was found in PbootCMS up to 3.2.3.
network
low complexity
pbootcms CWE-94
critical
 9.8
9.8
2023-08-24 CVE-2023-39834 Command Injection vulnerability in Pbootcms
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.
network
low complexity
pbootcms CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2021-37497 SQL Injection vulnerability in Pbootcms 3.0.5
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request.
network
low complexity
pbootcms CWE-89
critical
 9.8
9.8
2022-07-14 CVE-2022-32417 Code Injection vulnerability in Pbootcms 3.1.2
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
network
low complexity
pbootcms CWE-94
critical
 9.8
9.8
2021-07-08 CVE-2020-23580 Unspecified vulnerability in Pbootcms 2.0.8
Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.
network
low complexity
pbootcms
critical
 9.8
9.8
2020-03-02 CVE-2018-16357 SQL Injection vulnerability in Pbootcms
An issue was discovered in PbootCMS.
network
low complexity
pbootcms CWE-89
critical
 9.8
9.8
2020-03-02 CVE-2018-16356 SQL Injection vulnerability in Pbootcms
An issue was discovered in PbootCMS.
network
low complexity
pbootcms CWE-89
critical
 9.8
9.8
2018-12-06 CVE-2018-19893 SQL Injection vulnerability in Pbootcms 1.2.1
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
network
low complexity
pbootcms CWE-89
critical
 9.8
9.8
2018-11-27 CVE-2018-19595 Code Injection vulnerability in Pbootcms 1.3.1
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
network
low complexity
pbootcms CWE-94
critical
 9.8
9.8
2018-10-17 CVE-2018-18450 SQL Injection vulnerability in Pbootcms
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
network
low complexity
pbootcms CWE-89
critical
 9.8
9.8