Vulnerabilities > Pbootcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2024-1018 Cross-site Scripting vulnerability in Pbootcms 3.2.5
A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421.
network
low complexity
pbootcms CWE-79
6.1
6.1
2022-06-02 CVE-2020-20971 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 2.0.3
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
network
pbootcms CWE-352
6.8
6.8
2021-07-09 CVE-2020-22535 Exposure of Resource to Wrong Sphere vulnerability in Pbootcms 2.0.6
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.
network
low complexity
pbootcms CWE-668
4.0
4.0
2021-03-31 CVE-2021-28245 SQL Injection vulnerability in Pbootcms 3.0.4
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
network
low complexity
pbootcms CWE-89
5.0
5.0
2020-11-30 CVE-2020-17901 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.2
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
network
pbootcms CWE-352
4.3
4.3
2019-02-17 CVE-2019-8422 SQL Injection vulnerability in Pbootcms 1.3.2
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
network
low complexity
pbootcms CWE-89
6.5
6.5
2019-02-07 CVE-2019-7570 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.6
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
network
pbootcms CWE-352
5.8
5.8
2018-11-07 CVE-2018-19053 Code Injection vulnerability in Pbootcms 1.2.2
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.
network
low complexity
pbootcms CWE-94
6.5
6.5
2018-10-10 CVE-2018-18211 SQL Injection vulnerability in Pbootcms 1.2.1
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
network
pbootcms CWE-89
6.8
6.8
2018-05-13 CVE-2018-11018 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.0.7
An issue was discovered in PbootCMS v1.0.7.
network
pbootcms CWE-352
6.8
6.8