CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19053
https://notcve.org/view.php?id=CVE-2018-19053
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. PbootCMS 1.2.2 permite que atacantes remotos ejecuten código PHP arbitrario especificando un nombre de archivo .php en una instrucción "SET GLOBAL general_log_file", seguida por una instrucción SELECT que contiene un código PHP. • https://github.com/Pbootcms/Pbootcms/issues/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18450
https://notcve.org/view.php?id=CVE-2018-18450
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. apps\admin\controller\content\SingleController.php en PbootCMS en versiones anteriores a la V1.3.0 build 12/11/2018 tiene una inyección SQL, tal y como queda demostrado con los datos POST en el URI admin.php/Single/mod/mcode/1/id/3. • http://www.ttk7.cn/post-96.html https://www.pbootcms.com/changelog.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18211
https://notcve.org/view.php?id=CVE-2018-18211
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. PbootCMS 1.2.1 tiene una inyección SQL mediante los datos HTTP POST en el URI api.php/cms/addform?fcode=1. • https://github.com/Pbootcms/Pbootcms/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11369
https://notcve.org/view.php?id=CVE-2018-11369
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter. Se ha descubierto un problema en PbootCMS v1.0.9. Hay una inyección SQL que puede conseguir información importante de la base de datos mediante el parámetro scode en \apps\home\controller\ParserController.php. • https://gitee.com/hnaoyun/PbootCMS/issues/IJZ1E • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11018
https://notcve.org/view.php?id=CVE-2018-11018
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. Se ha descubierto un problema en PbootCMS v1.0.7. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en apps/admin/controller/system/RoleController.php permite que atacantes remotos añadan cuentas de administrador mediante admin.php/role/add.html. • https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf • CWE-352: Cross-Site Request Forgery (CSRF) •