3 results (0.012 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-39834

https://notcve.org/view.php?id=CVE-2023-39834

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. • https://github.com/Pbootcms/Pbootcms/issues/8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-17901

https://notcve.org/view.php?id=CVE-2020-17901

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. una vulnerabilidad de tipo Cross-site request forgery (CSRF) en PbootCMS versión 1.3.2, permite a atacantes cambiar la contraseña de un usuario • https://github.com/AvaterXXX/PbootCMS/blob/master/CSRF.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-8422

https://notcve.org/view.php?id=CVE-2019-8422

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. Existe una vulnerabilidad de inyección SQL en PbootCMS v1.3.2 mediante el parámetro description en apps\admin\controller\content\ContentController.php. • https://github.com/wowwooo/vnotes/blob/master/PbootCMS%20SQL%20Injection%20Description.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •