Aggregates CVE and security vulnerability intelligence across all pbootcms-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, and vendor risk csrf and related problems; some flaws may lead to vendor impact data exposure and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-28245 | PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account. | [email protected] | 7.5 | 1.14% | 2021-03-31 | 2026-06-16 |
| CVE-2020-17901 | Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | [email protected] | 6.5 | 0.43% | 2020-11-30 | 2026-06-16 |
| CVE-2018-16357 | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. | [email protected] | 9.8 | 1.84% | 2020-03-02 | 2026-06-16 |
| CVE-2018-16356 | An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. | [email protected] | 9.8 | 1.84% | 2020-03-02 | 2026-06-16 |
| CVE-2019-17417 | PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | [email protected] | 4.8 | 0.65% | 2019-10-09 | 2026-06-16 |
| CVE-2019-8422 | A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | [email protected] | 7.2 | 1.30% | 2019-02-17 | 2026-06-16 |
| CVE-2019-7570 | A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | [email protected] | 6.5 | 0.54% | 2019-02-07 | 2026-06-16 |
| CVE-2018-19893 | SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. | [email protected] | 9.8 | 1.14% | 2018-12-05 | 2026-06-16 |
| CVE-2018-19595 | PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | [email protected] | 9.8 | 3.86% | 2018-11-27 | 2026-06-16 |
| CVE-2018-19053 | PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | [email protected] | 7.2 | 1.44% | 2018-11-07 | 2026-06-16 |
| CVE-2018-18450 | apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. | [email protected] | 9.8 | 1.52% | 2018-10-17 | 2026-06-16 |
| CVE-2018-18211 | PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. | [email protected] | 8.1 | 0.88% | 2018-10-10 | 2026-06-16 |
| CVE-2018-11369 | An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter. | [email protected] | 9.8 | 1.14% | 2018-05-22 | 2026-06-16 |
| CVE-2018-11018 | An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. | [email protected] | 8.8 | 0.61% | 2018-05-13 | 2026-06-16 |
| CVE-2018-10133 | PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. | [email protected] | 9.8 | 1.42% | 2018-04-16 | 2026-06-16 |
| CVE-2018-10132 | PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. | [email protected] | 8.8 | 0.52% | 2018-04-16 | 2026-06-16 |