Vulnerabilities > Pbootcms > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-04 CVE-2023-50082 Unspecified vulnerability in Pbootcms 3.1.2
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform.
network
low complexity
pbootcms
7.5
7.5
2022-07-14 CVE-2022-32417 Code Injection vulnerability in Pbootcms 3.1.2
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
network
low complexity
pbootcms CWE-94
7.5
7.5
2021-07-08 CVE-2020-23580 Unspecified vulnerability in Pbootcms 2.0.8
Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.
network
low complexity
pbootcms
7.5
7.5
2020-03-02 CVE-2018-16357 SQL Injection vulnerability in Pbootcms
An issue was discovered in PbootCMS.
network
low complexity
pbootcms CWE-89
7.5
7.5
2020-03-02 CVE-2018-16356 SQL Injection vulnerability in Pbootcms
An issue was discovered in PbootCMS.
network
low complexity
pbootcms CWE-89
7.5
7.5
2018-12-06 CVE-2018-19893 SQL Injection vulnerability in Pbootcms 1.2.1
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
network
low complexity
pbootcms CWE-89
7.5
7.5
2018-11-27 CVE-2018-19595 Code Injection vulnerability in Pbootcms 1.3.1
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
network
low complexity
pbootcms CWE-94
7.5
7.5
2018-10-17 CVE-2018-18450 SQL Injection vulnerability in Pbootcms
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
network
low complexity
pbootcms CWE-89
7.5
7.5
2018-05-22 CVE-2018-11369 SQL Injection vulnerability in Pbootcms 1.0.9
An issue was discovered in PbootCMS v1.0.9.
network
low complexity
pbootcms CWE-89
7.5
7.5
2018-04-16 CVE-2018-10133 Code Injection vulnerability in Pbootcms 0.9.8
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
network
low complexity
pbootcms CWE-94
7.5
7.5