Vulnerabilities (CVE)

Filtered by vendor Pbootcms Subscribe
Filtered by product Pbootcms
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18211 1 Pbootcms 1 Pbootcms 2024-11-21 6.8 MEDIUM 8.1 HIGH
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
CVE-2018-16357 1 Pbootcms 1 Pbootcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
CVE-2018-16356 1 Pbootcms 1 Pbootcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
CVE-2018-11369 1 Pbootcms 1 Pbootcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
CVE-2018-11018 1 Pbootcms 1 Pbootcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
CVE-2018-10133 1 Pbootcms 1 Pbootcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.
CVE-2018-10132 1 Pbootcms 1 Pbootcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.