
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross-site scripting. It is possible to launch the attack remotely.

• https://github.com/1MurasaKi/PboostCMS_XSS/blob/main/README.md
• https://vuldb.com/?ctiid.252288
• https://vuldb.com/?id.252288
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control: session leakage allows remote attackers to gain sensitive information and allows a user to avoid logging into the backend management platform.

• https://github.com/juraorab/cve/blob/master/CVE/README.md
• https://github.com/juraorab/cve/issues/2

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.

• https://github.com/Pbootcms/Pbootcms/issues/8
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in the route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via a crafted GET request.

• https://github.com/penson233/Vuln/issues/3
• https://www.pbootcms.com
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 29% | CPEs: 1 | EXPL: 1

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.

• https://github.com/Snakinya/Vuln/issues/1
• CWE-94: Improper Control of Generation of Code ('Code Injection')