CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39834
https://notcve.org/view.php?id=CVE-2023-39834
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. • https://github.com/Pbootcms/Pbootcms/issues/8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18450
https://notcve.org/view.php?id=CVE-2018-18450
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. apps\admin\controller\content\SingleController.php en PbootCMS en versiones anteriores a la V1.3.0 build 12/11/2018 tiene una inyección SQL, tal y como queda demostrado con los datos POST en el URI admin.php/Single/mod/mcode/1/id/3. • http://www.ttk7.cn/post-96.html https://www.pbootcms.com/changelog.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10133
https://notcve.org/view.php?id=CVE-2018-10133
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. PbootCMS v0.9.8 permite la inyección de código PHP mediante una etiqueta IF en index.php/About/6.html o admin.php/Site/index.html, relaconada con la función parserIfLabel en \apps\home\controller\ParserController.php. • https://github.com/vQAQv/Request-CVE-ID-PoC/blob/master/PbootCMS/v0.9.8/Getshll.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10132
https://notcve.org/view.php?id=CVE-2018-10132
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. PbootCMS v0.9.8 tiene Cross-Site Request Forgery (CSRF) mediante una petición admin.php/Message/mod/id/19.html?backurl=/index.php, lo que resulta en una inyección de código PHP en el parámetro recontent. • https://github.com/vQAQv/Request-CVE-ID-PoC/blob/master/PbootCMS/v0.9.8/CSRF.md • CWE-352: Cross-Site Request Forgery (CSRF) •