Skip to main content

Pbootcms CVE-2023-39834

CRITICAL
Command Injection (CWE-77)
2023-08-24 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 24, 2023 - 18:15 nvd
CRITICAL 9.8

DescriptionNVD

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.

AnalysisAI

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. Affected products include: Pbootcms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2022-32417 CRITICAL POC
9.8 Jul 14

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at

CVE-2018-19893 CRITICAL POC
9.8 Dec 06

SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. Rated critica

CVE-2018-19595 CRITICAL POC
9.8 Nov 27

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as

CVE-2018-18450 CRITICAL POC
9.8 Oct 17

apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demo

CVE-2018-11369 CRITICAL POC
9.8 May 22

An issue was discovered in PbootCMS v1.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitab

CVE-2018-10133 CRITICAL POC
9.8 Apr 16

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, relate

CVE-2025-46109 HIGH POC
8.8 Jun 18

SQL Injection vulnerability in pbootCMS versions 3.2.5 and 3.2.10 that allows unauthenticated remote attackers to execut

CVE-2018-11018 HIGH POC
8.8 May 13

An issue was discovered in PbootCMS v1.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

CVE-2018-10132 HIGH POC
8.8 Apr 16

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injec

CVE-2018-18211 HIGH POC
8.1 Oct 10

PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. Rated high severity (CVS

CVE-2023-50082 HIGH POC
7.5 Jan 04

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive in

CVE-2021-28245 HIGH POC
7.5 Mar 31

PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensiti

Share

CVE-2023-39834 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy