Skip to main content

Pbootcms CVE-2020-17901

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2020-11-30 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 30, 2020 - 19:15 nvd
MEDIUM 6.5

DescriptionNVD

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

AnalysisAI

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. Affected products include: Pbootcms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-39834 CRITICAL POC
9.8 Aug 24

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. Rated critical se

CVE-2022-32417 CRITICAL POC
9.8 Jul 14

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at

CVE-2018-19893 CRITICAL POC
9.8 Dec 06

SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. Rated critica

CVE-2018-19595 CRITICAL POC
9.8 Nov 27

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as

CVE-2018-18450 CRITICAL POC
9.8 Oct 17

apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demo

CVE-2018-11369 CRITICAL POC
9.8 May 22

An issue was discovered in PbootCMS v1.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitab

CVE-2018-10133 CRITICAL POC
9.8 Apr 16

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, relate

CVE-2025-46109 HIGH POC
8.8 Jun 18

SQL Injection vulnerability in pbootCMS versions 3.2.5 and 3.2.10 that allows unauthenticated remote attackers to execut

CVE-2018-11018 HIGH POC
8.8 May 13

An issue was discovered in PbootCMS v1.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

CVE-2018-10132 HIGH POC
8.8 Apr 16

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injec

CVE-2018-18211 HIGH POC
8.1 Oct 10

PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. Rated high severity (CVS

CVE-2023-50082 HIGH POC
7.5 Jan 04

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive in

Share

CVE-2020-17901 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy