Vulnerabilities > Pbootcms > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-04 CVE-2023-50082 Unspecified vulnerability in Pbootcms 3.1.2
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform.
network
low complexity
pbootcms
7.5
7.5
2022-06-02 CVE-2020-20971 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 2.0.3
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
network
low complexity
pbootcms CWE-352
8.8
8.8
2021-03-31 CVE-2021-28245 SQL Injection vulnerability in Pbootcms 3.0.4
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
network
low complexity
pbootcms CWE-89
7.5
7.5
2019-02-17 CVE-2019-8422 SQL Injection vulnerability in Pbootcms 1.3.2
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
network
low complexity
pbootcms CWE-89
7.2
7.2
2018-11-07 CVE-2018-19053 Code Injection vulnerability in Pbootcms 1.2.2
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.
network
low complexity
pbootcms CWE-94
7.2
7.2
2018-10-10 CVE-2018-18211 SQL Injection vulnerability in Pbootcms 1.2.1
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
network
high complexity
pbootcms CWE-89
8.1
8.1
2018-05-13 CVE-2018-11018 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.0.7
An issue was discovered in PbootCMS v1.0.7.
network
low complexity
pbootcms CWE-352
8.8
8.8
2018-04-16 CVE-2018-10132 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 0.9.8
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
network
low complexity
pbootcms CWE-352
8.8
8.8