CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-50082
https://notcve.org/view.php?id=CVE-2023-50082
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform. Aoyun Technology pbootcms V3.1.2 es vulnerable a un control de acceso incorrecto, permite a atacantes remotos obtener información confidencial a través de la fuga de sesión y permite al usuario evitar iniciar sesión en la plataforma de administración backend. • https://github.com/juraorab/cve/blob/master/CVE/README.md https://github.com/juraorab/cve/issues/2 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39834
https://notcve.org/view.php?id=CVE-2023-39834
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. • https://github.com/Pbootcms/Pbootcms/issues/8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37497
https://notcve.org/view.php?id=CVE-2021-37497
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. • https://github.com/penson233/Vuln/issues/3 https://www.pbootcms.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 29%CPEs: 1EXPL: 1CVE-2022-32417
https://notcve.org/view.php?id=CVE-2022-32417
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. Se descubrió que PbootCMS versión v3.1.2, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio de la función parserIfLabel en el archivo function.php • https://github.com/Snakinya/Vuln/issues/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20971
https://notcve.org/view.php?id=CVE-2020-20971
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. Una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en PbootCMS versión v2.0.3, por medio de /admin.php?p=/User/index • https://github.com/TplusSs/PbootCMS/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF) •